Additional info: libreport version: 2.0.18 kernel: 3.6.5-1.fc17.x86_64 description: :SELinux is preventing NetworkManager from 'unlink' accesses on the file /etc/resolv.conf. : :***** Plugin restorecon (94.8 confidence) suggests ************************* : :If you want to fix the label. :/etc/resolv.conf default label should be net_conf_t. :Then you can run restorecon. :Do :# /sbin/restorecon -v /etc/resolv.conf : :***** Plugin catchall_labels (5.21 confidence) suggests ******************** : :If you want to allow NetworkManager to have unlink access on the resolv.conf file :Then you need to change the label on /etc/resolv.conf :Do :# semanage fcontext -a -t FILE_TYPE '/etc/resolv.conf' :where FILE_TYPE is one of the following: dnsmasq_var_run_t, NetworkManager_etc_rw_t, named_cache_t, NetworkManager_log_t, NetworkManager_tmp_t, dhcpc_state_t, NetworkManager_var_lib_t, NetworkManager_var_run_t, pppd_var_run_t, dhcpc_var_run_t, net_conf_t, root_t. :Then execute: :restorecon -v '/etc/resolv.conf' : : :***** Plugin catchall (1.44 confidence) suggests *************************** : :If you believe that NetworkManager should be allowed unlink access on the resolv.conf file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep NetworkManager /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:NetworkManager_t:s0 :Target Context unconfined_u:object_r:etc_t:s0 :Target Objects /etc/resolv.conf [ file ] :Source NetworkManager :Source Path NetworkManager :Port <Unknown> :Host (removed) :Source RPM Packages :Target RPM Packages :Policy RPM selinux-policy-3.10.0-159.fc17.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.6.5-1.fc17.x86_64 #1 SMP Wed Oct : 31 19:37:18 UTC 2012 x86_64 x86_64 :Alert Count 1 :First Seen 2012-11-15 04:31:42 WIT :Last Seen 2012-11-15 04:31:42 WIT :Local ID 4789d75b-432f-4e78-b9fa-423e1bd676ac : :Raw Audit Messages :type=AVC msg=audit(1352928702.25:63): avc: denied { unlink } for pid=630 comm="NetworkManager" name="resolv.conf" dev="sda1" ino=136779 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file : : :Hash: NetworkManager,NetworkManager_t,etc_t,file,unlink : :audit2allow : :#============= NetworkManager_t ============== :allow NetworkManager_t etc_t:file unlink; : :audit2allow -R : :#============= NetworkManager_t ============== :allow NetworkManager_t etc_t:file unlink; : Potential duplicate bug: 666454
Created attachment 645182 [details] File: type
Created attachment 645183 [details] File: hashmarkername
# matchpathcon /etc/resolv.conf /etc/resolv.conf system_u:object_r:net_conf_t:s0 Which means the resolve.conf is mislabeled. If you execute # restorecon -Rv /etc/resolve.conf are you able to reproduce it? If so, please reopen the bug. Thank you.
BTW The alert told you how do fix. Any idea how you got this mislabeled?