SELinux is preventing /usr/sbin/dnsmasq from 'read' accesses on the file nm-dns-dnsmasq.conf.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that dnsmasq should be allowed read access on the nm-dns-dnsmasq.conf file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep dnsmasq /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:dnsmasq_t:s0
Target Context                system_u:object_r:NetworkManager_var_run_t:s0
Target Objects                nm-dns-dnsmasq.conf [ file ]
Source                        dnsmasq
Source Path                   /usr/sbin/dnsmasq
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           dnsmasq-2.52-1.fc13
Target RPM Packages
Policy RPM                    selinux-policy-3.9.7-31.fc14
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 2.6.38-0.rc6.git6.1.fc15.x86_64 #1 SMP Sat Feb 26 01:14:56 UTC 2011 x86_64 x86_64
Alert Count                   1
First Seen                    Sat 05 Mar 2011 11:37:28 PM IST
Last Seen                     Sat 05 Mar 2011 11:37:28 PM IST
Local ID                      8396503a-0212-44dd-a378-e3dc8eabad5a

Raw Audit Messages
type=AVC msg=audit(1299348448.714:24834): avc: denied { read } for pid=2190 comm="dnsmasq" name="nm-dns-dnsmasq.conf" dev=dm-3 ino=8520132 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:NetworkManager_var_run_t:s0 tclass=file

type=SYSCALL msg=audit(1299348448.714:24834): arch=x86_64 syscall=open success=no exit=EACCES a0=720b00 a1=0 a2=1b6 a3=0 items=0 ppid=1190 pid=2190 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=dnsmasq exe=/usr/sbin/dnsmasq subj=system_u:system_r:dnsmasq_t:s0 key=(null)

Hash: dnsmasq,dnsmasq_t,NetworkManager_var_run_t,file,read

audit2allow

#============= dnsmasq_t ==============
allow dnsmasq_t NetworkManager_var_run_t:file read;

audit2allow -R

#============= dnsmasq_t ==============
allow dnsmasq_t NetworkManager_var_run_t:file read;
*** Bug 682462 has been marked as a duplicate of this bug. ***
Shouldn't the nm-dns-dnsmasq.conf file be located in the /etc/NetworkManager directory? Is this by default?
Yes, default after latest updates to F14 (NetworkManager-gnome-0.8.3.997-1.fc14.x86_64)
NetworkManager must be building it on the fly.
Yes, it looks so. Amit, you can allow it for now using
# grep dnsmasq /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
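Added example, not part of the original bug thread and not audit2allow's own code: a Python script that merges AVC denials into the allow rules a local module built from them would grant, so the rules can be reviewed before running semodule -i. REPORTED_AVC is the record from this report; CONSTRUCTED_AVC (file name and etc_runtime_t target) is made up to show that a broad "grep dnsmasq" feeds every dnsmasq denial in the log into the module, not only the one reported here.

```python
import re
from collections import defaultdict

# Raw AVC record copied from the report in this bug.
REPORTED_AVC = (
    'type=AVC msg=audit(1299348448.714:24834): avc: denied { read } for pid=2190 '
    'comm="dnsmasq" name="nm-dns-dnsmasq.conf" dev=dm-3 ino=8520132 '
    'scontext=system_u:system_r:dnsmasq_t:s0 '
    'tcontext=system_u:object_r:NetworkManager_var_run_t:s0 tclass=file')
# Constructed record (not from the bug): an unrelated dnsmasq denial in the same log.
CONSTRUCTED_AVC = (
    'type=AVC msg=audit(1299348450.001:24840): avc: denied { getattr open } for '
    'pid=2190 comm="dnsmasq" name="example.conf" dev=dm-3 ino=1 '
    'scontext=system_u:system_r:dnsmasq_t:s0 '
    'tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file')

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return (source_type, target_type, tclass, perms), or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None  # e.g. the paired type=SYSCALL record
    fields = dict(FIELD_RE.findall(m.group("fields")))
    try:
        # A context is user:role:type:level; policy rules are written on the type.
        stype = fields["scontext"].split(":")[2]
        ttype = fields["tcontext"].split(":")[2]
        return stype, ttype, fields["tclass"], m.group("perms").split()
    except (KeyError, IndexError):
        return None  # truncated or malformed record

def allow_rules(lines):
    """Merge denials per (source, target, class) into allow-rule strings."""
    merged = defaultdict(set)
    for line in lines:
        parsed = parse_avc(line)
        if parsed and parsed[3]:
            merged[parsed[:3]].update(parsed[3])
    rules = []
    for (stype, ttype, tclass), perms in sorted(merged.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {stype} {ttype}:{tclass} {perm_text};")
    return rules

if __name__ == "__main__":
    print("\n".join(allow_rules([REPORTED_AVC, CONSTRUCTED_AVC])))
```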
Fixed in selinux-policy-3.9.7-34.fc14
selinux-policy-3.9.7-34.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-34.fc14
selinux-policy-3.9.7-37.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-37.fc14
selinux-policy-3.9.7-37.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.
I'm getting this issue on F15 after adding "dns=dnsmasq" to /etc/NetworkManager/NetworkManager.conf

Seems to be creating this file in /var/run/

selinux-policy-3.9.16-23.fc15.noarch
(In reply to comment #10)
> I'm getting this issue on F15 after adding "dns=dnsmasq" to
> /etc/NetworkManager/NetworkManager.conf
>
> Seems to be creating this file in /var/run/
>
> selinux-policy-3.9.16-23.fc15.noarch

Please open a new bug for this issue.