DNS mystery: NetworkManager vs SELinux
D. Hugh Redelmeier
hugh at mimosa.com
Tue Sep 13 06:48:30 UTC 2011

My netbook has a rather vanilla installation of F15.

I tried a new desktop. Wireless didn't work (long story, not relevant) so
I manually ran network manager (didn't help). Then I rebooted back to
Gnome.

Wired networking seemed to no longer work. Actually, networking worked
but no domain names could be resolved.

After a lot of ineffective poking about (based on my deep understanding of
how things worked in the good old days before NM), I discovered (with
help) the problem.

NM creates a new /etc/resolv.conf.tmp whenever it learns (through DHCP or
whatever) what the name servers are. On my system, it could not manage to
replace /etc/resolv.conf. /var/log/messages showed:

    <warn> could not commit DNS changes: (0) Could not replace /etc/resolv.conf: permission denied

"ls -l /etc/resolv.conf*" showed nothing scary. But "ls -lZ" did.
Something had labeled /etc/resolv.conf unconfined_u:object_r:etc_t:s0
instead of system_u:object_r:net_conf_t:s0

Fix: "restorecon /etc/resolv.conf"

How the heck is an ordinary user supposed to figure this out?
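
An added example, not part of the original post: a small shell check that reads "ls -Z" style output and reports files whose SELinux type is not the expected one, which is the mismatch described above. The function names, the sample listing and the second path in it are constructed for illustration; live_check assumes restorecon is installed and uses its -n (no change) and -v (verbose) options.

```shell
#!/bin/sh
# Added example: spot a file whose SELinux type differs from the expected one.

# Print the type (third field) of a context like system_u:object_r:net_conf_t:s0.
# An MLS level may contain further colons (s0:c0.c1023), so only field 3 is used.
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read `ls -Z` or `ls -lZ` lines on stdin and print "path actual expected" for
# each file whose type is not $1. The context is the first field with at least
# four colon-separated parts; the path is the last field (no spaces assumed).
mislabeled() {
    awk -v want="$1" '{
        for (i = 1; i < NF; i++) {
            if (split($i, c, ":") >= 4) {
                if (c[3] != want) print $NF, c[3], want
                break
            }
        }
    }'
}

# On a host with the SELinux tools: show what restorecon would relabel,
# without changing anything.
live_check() {
    command -v restorecon >/dev/null 2>&1 || {
        echo "restorecon not found" >&2
        return 2
    }
    restorecon -n -v "$@"
}

# Constructed sample: the first line carries the wrong label from the post,
# the second is a hypothetical path carrying the expected label.
sample_listing() {
    cat <<'EOF'
-rw-r--r--. root root unconfined_u:object_r:etc_t:s0 /etc/resolv.conf
-rw-r--r--. root root system_u:object_r:net_conf_t:s0 /etc/resolv.conf.example
EOF
}

# Stand-alone run over the constructed sample.
sample_listing | mislabeled net_conf_t
```

On a real system, pipe "ls -Z /etc/resolv.conf" into mislabeled net_conf_t, or call live_check /etc/resolv.conf to see the pending relabel before running restorecon for real.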