Bug 446404 - vpnc-script generates invalid resolv.conf
vpnc-script generates invalid resolv.conf
Product: Fedora
Classification: Fedora
Component: vpnc (Show other bugs)
All Linux
low Severity high
: ---
: ---
Assigned To: Tomas Mraz
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-05-14 10:24 EDT by Brian Long
Modified: 2008-09-10 02:41 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-09-10 02:41:36 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Fixed vpnc-script (14.35 KB, text/plain)
2008-05-14 10:39 EDT, Brian Long
no flags Details

  None (edit)
Description Brian Long 2008-05-14 10:24:55 EDT
Description of problem:
/etc/vpnc/vpnc-script incorrectly writes an /etc/resolv.conf with multiple
domains on the "domain" line instead of putting them on the "search" line.  This
causes "host" to barf. For example, this is a vpnc-script-generated resolv.conf:
domain cisco.com lab.cisco.com
search cisco.com
nameserver 192.168.y.z
nameserver 64.x.y.z

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. vpnc into a gateway that provides two search domains
2. the search domains will be placed on the "domain" line instead of the
"search" line of resolv.conf

Actual results:
> host foo
host: parse of /etc/resolv.conf failed

Expected results:
> host foo
foo.cisco.com is an alias for foo1.cisco.com.
foo1.cisco.com has address 64.x.y.z
Comment 1 Brian Long 2008-05-14 10:39:45 EDT
Created attachment 305368 [details]
Fixed vpnc-script

This vpnc-script separates the cases for domain*) and search*).  This avoids
appending to an existing domain line.
Comment 2 C. Y. Wong 2008-06-29 11:58:18 EDT
I do not have Brian Long's problem of getting two search domians that Brian Long

My problem is that I have been using vpnc in Fedora 9 (2.6.25-14.fc9.i686)
successfully with no problem.  However, recently I updated the kernel to Fedora9
( together with many other updates last week.  Then when I
start the  vpnc  procedure, I get the following message:

/etc/vpnc/vpnc-script: line 99: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 100: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 104: /sbin/ifconfig: Permission denied
/etc/vpnc/vpnc-script: line 123: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 123: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 124: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 133: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 134: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 135: /sbin/ip: Permission denied
VPNC started in background (pid: 3127)...

and the vpnc connection does not work.

I tried to boot the system with the older kernel of Fedora 9 
(2.6.25-14.fc9.i686), but now the same error message comes out.
How do we fix this bug?

C. Y. Wong
Comment 3 Tomas Mraz 2008-06-30 03:36:17 EDT
re comment #2: This seems like problem with SELinux policy in regards to vpnc.
Can you please open a new bug against vpnc with this report and attach dump of
'ausearch -m AVC' and put dwalsh(@redhat.com) to cc of the new bug?
Comment 4 Tomas Mraz 2008-07-24 12:16:01 EDT
As for the original report. It is questionable whether the domain line should be
changed at all. I think it should not and just the search line should be
modified or added when it is not present.
Comment 5 Brian Long 2008-07-24 12:46:44 EDT
That's acceptable to me.
Comment 6 Fedora Update System 2008-07-25 03:43:04 EDT
vpnc-0.5.1-6.fc9 has been submitted as an update for Fedora 9
Comment 7 Matthew Saltzman 2008-07-25 07:37:48 EDT
Fedora 8 too, please?
Comment 8 Fedora Update System 2008-07-30 16:01:38 EDT
vpnc-0.5.1-6.fc9 has been pushed to the Fedora 9 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update vpnc'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-6782
Comment 9 Matthew Saltzman 2008-07-30 16:54:42 EDT
Fedora 8 too, please?

Comment 10 Fedora Update System 2008-09-10 02:41:30 EDT
vpnc-0.5.1-6.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.