Bug 999447 - dnsmasq can't read host and opts files due to SELinux issues
Status: CLOSED DUPLICATE of bug 996776
Product: RDO
Classification: Community
Component: openstack-neutron
Assigned To: RHOS Maint
Ofer Blaut
Reported: 2013-08-21 06:35 EDT by Sandro Mathys
Modified: 2016-04-26 13:16 EDT
Doc Type: Bug Fix
Last Closed: 2013-08-21 07:50:05 EDT
Type: Bug
Attachments
audit.log of an affected system (63.19 KB, application/gzip)
2013-08-21 06:35 EDT, Sandro Mathys

Description Sandro Mathys 2013-08-21 06:35:49 EDT
Created attachment 788802
audit.log of an affected system

Description of problem:
Having configured Havana-2 with Neutron (using ovs/netns/gre), dnsmasq won't be able to hand out IP addresses because it can't read host and opts files.

Version-Release number of selected component (if applicable):
openstack-neutron-2013.2-0.3.b2.el6.noarch
openstack-neutron-openvswitch-2013.2-0.3.b2.el6.noarch
dnsmasq-2.48-13.el6.x86_64
selinux-policy-targeted-3.7.19-195.el6_4.12.noarch

How reproducible:
Always.

Steps to Reproduce:
1. Install and configure Neutron
2. Configure a network and subnet
3. Launch a guest

Actual results:
No IP over DHCP, dnsmasq having access problems, i.e. permission denied on host and opts files.

Expected results:
IP over DHCP.

Additional info:
Aug 21 11:10:49 ctrl-stg dnsmasq[4945]: cannot read /var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/host: Permission denied
Aug 21 11:10:49 ctrl-stg dnsmasq[4945]: read /var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/host
Aug 21 11:10:49 ctrl-stg dnsmasq[4945]: cannot read /var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/opts: Permission denied
Aug 21 11:10:49 ctrl-stg dnsmasq[4945]: read /var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/opts

unconfined_u:system_r:dnsmasq_t:s0 nobody 5865  0.0  0.0  12880   772 ?        S    11:25   0:00 dnsmasq --no-hosts --no-resolv --strict-order --bind-interfaces --interface=tape560c086-b2 --except-interface=lo --pid-file=/var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/host --dhcp-optsfile=/var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/opts --dhcp-script=/usr/bin/neutron-dhcp-agent-dnsmasq-lease-update --leasefile-ro --dhcp-range=tag0,192.168.0.0,static,120s --conf-file= --domain=openstacklocal
unconfined_u:system_r:dnsmasq_t:s0 root   5866  0.0  0.0  12880   208 ?        S    11:25   0:00  \_ dnsmasq --no-hosts --no-resolv --strict-order --bind-interfaces --interface=tape560c086-b2 --except-interface=lo --pid-file=/var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/host --dhcp-optsfile=/var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/opts --dhcp-script=/usr/bin/neutron-dhcp-agent-dnsmasq-lease-update --leasefile-ro --dhcp-range=tag0,192.168.0.0,static,120s --conf-file= --domain=openstacklocal

# ls -Z /var/lib/neutron/
drwxr-xr-x. neutron neutron unconfined_u:object_r:var_lib_t:s0 dhcp
drwxr-xr-x. neutron neutron system_u:object_r:var_lib_t:s0   external
drwx------. neutron neutron unconfined_u:object_r:var_lib_t:s0 keystone-signing
drwxr-xr-x. neutron neutron system_u:object_r:var_lib_t:s0   lock
srwxr-xr-x. neutron neutron system_u:object_r:var_lib_t:s0   metadata_proxy
# ls -Z /var/lib/neutron/dhcp/
drwxr-xr-x. neutron neutron unconfined_u:object_r:var_lib_t:s0 09ae9120-d280-477b-851d-7687c2394373
srwxr-xr-x. neutron neutron unconfined_u:object_r:var_lib_t:s0 lease_relay
# ls -Z /var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/
-rw-r--r--. neutron neutron unconfined_u:object_r:var_lib_t:s0 host
-rw-r--r--. neutron neutron unconfined_u:object_r:var_lib_t:s0 interface
-rw-r--r--. neutron neutron unconfined_u:object_r:var_lib_t:s0 opts
-rw-r--r--. root    root    unconfined_u:object_r:dnsmasq_lease_t:s0 pid

See also the attached audit.log.gz (grep for dnsmasq for this issue - there also seems to be an issue around neutron-ns-meta and ifconfig for which I haven't found any consequences yet).
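
Added example (not part of the original report, and not code from Neutron, dnsmasq or the SELinux tools): one way to triage an audit.log like the attached one is to group AVC denials by source domain, target type and object class, so the dnsmasq_t versus var_lib_t mismatch visible in the ps and ls -Z output above shows up as a single row. The sample records are constructed, and the names summarize_denials and selinux_type are hypothetical helpers.

```python
import re
from collections import defaultdict

# Constructed sample in the audit.log AVC record format. The labels and file
# names come from the ps / ls -Z output in the report; timestamps, pids, inode
# numbers, the abridged SYSCALL record and the "exampled" record are made up.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1377076249.101:812): avc:  denied  { read } for  pid=4945 comm="dnsmasq" name="host" dev=dm-0 ino=1311 scontext=unconfined_u:system_r:dnsmasq_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1377076249.101:812): arch=c000003e syscall=2 success=no exit=-13 comm="dnsmasq" exe="/usr/sbin/dnsmasq"
type=AVC msg=audit(1377076249.102:813): avc:  denied  { read } for  pid=4945 comm="dnsmasq" name="opts" dev=dm-0 ino=1312 scontext=unconfined_u:system_r:dnsmasq_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=AVC msg=audit(1377076250.001:814): avc:  denied  { getattr } for  pid=5001 comm="exampled" name="x" dev=dm-0 ino=1400 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def selinux_type(context):
    # A context is user:role:type:level; the type is what policy rules match on.
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def summarize_denials(log_text, comm=None):
    """Group AVC denials by (source type, target type, class); optionally filter by comm."""
    summary = defaultdict(lambda: {"perms": set(), "names": set()})
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL and other record types carry no denial details
        fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
        if comm and fields.get("comm") != comm:
            continue
        if "scontext" not in fields or "tcontext" not in fields:
            continue  # truncated record, nothing to classify
        key = (selinux_type(fields["scontext"]),
               selinux_type(fields["tcontext"]),
               fields.get("tclass", "?"))
        summary[key]["perms"].update(m.group("perms").split())
        if "name" in fields:
            summary[key]["names"].add(fields["name"])
    return {k: {"perms": sorted(v["perms"]), "names": sorted(v["names"])}
            for k, v in summary.items()}

if __name__ == "__main__":
    for (src, tgt, cls), info in summarize_denials(SAMPLE_AUDIT_LOG, comm="dnsmasq").items():
        print(f"{src} -> {tgt}:{cls} {{{' '.join(info['perms'])}}} names={info['names']}")
```
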
Comment 1 lpeer 2013-08-21 07:50:05 EDT

*** This bug has been marked as a duplicate of bug 996776 ***
