Please allow 'dnsmasq' binary to open '/etc/NetworkManager/dnsmasq.d' directory and read files from it. NetworkManager uses the directory for custom dnsmasq's configuration not to conflict with default/global dnsnmasq configs. For more information you can look at this commit: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=ac152ece0206b4cde28acf78abb21518e67513e1 The problem has been discovered while analyzing bug 873621. AVC: Nov 12 10:21:58 gromit kernel: [ 7233.682037] type=1400 audit(1352712118.417:17): avc: denied { read } for pid=10710 comm="dnsmasq" name="dnsmasq.d" dev="sda2" ino=605483 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:NetworkManager_etc_t:s0 tclass=dir Nov 12 10:21:58 gromit kernel: [ 7233.682051] type=1400 audit(1352712118.418:18): avc: denied { open } for pid=10710 comm="dnsmasq" path="/etc/NetworkManager/dnsmasq.d" dev="sda2" ino=605483 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:NetworkManager_etc_t:s0 tclass=dir
Fixed in selinux-policy-3.10.0-160.fc17
Thanks a lot.
No problem. It will be as a new update soon.
(In reply to comment #1) > Fixed in selinux-policy-3.10.0-160.fc17 I really need this, so I'd love to test, but I can't find this in Koji. Can you provide a pointer to the SRPM, patch, git repo, etc? Thanks!
Sure, going to do a new build today.
You can download it from koji now. rpms: http://kojipkgs.fedoraproject.org//packages/selinux-policy/3.10.0/160.fc17/noarch/selinux-policy-3.10.0-160.fc17.noarch.rpm http://kojipkgs.fedoraproject.org//packages/selinux-policy/3.10.0/160.fc17/noarch/selinux-policy-devel-3.10.0-160.fc17.noarch.rpm http://kojipkgs.fedoraproject.org//packages/selinux-policy/3.10.0/160.fc17/noarch/selinux-policy-doc-3.10.0-160.fc17.noarch.rpm http://kojipkgs.fedoraproject.org//packages/selinux-policy/3.10.0/160.fc17/noarch/selinux-policy-targeted-3.10.0-160.fc17.noarch.rpm
selinux-policy-3.10.0-161.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-161.fc17
Package selinux-policy-3.10.0-161.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-161.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-18787/selinux-policy-3.10.0-161.fc17 then log in and leave karma (feedback).
selinux-policy-3.10.0-161.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.