DNS mystery: NetworkManager vs SELinux

Miroslav Grepl mgrepl at redhat.com
Tue Sep 13 12:19:58 UTC 2011


On 09/13/2011 06:48 AM, D. Hugh Redelmeier wrote:
> My netbook has a rather vanilla installation of F15.
>
> I tried a new desktop.  Wireless didn't work (long story, not relevant) so
> I manually ran network manager (didn't help).  Then I rebooted back to
> Gnome.
>
> Wired networking seemed to no longer work.  Actually, networking worked
> but no domain names could be resolved.
>
> After a lot of ineffective poking about (based on my deep understanding of
> how things worked in the good old days before NM), I discovered (with
> help) the problem.
>
> NM creates a new /etc/resolv.conf.tmp whenever it learns (through DHCP or
> whatever) what the name servers are.  On my system, it could not manage to
> replace /etc/resolv.conf.  /var/log/messages showed:
> 	<warn>  could not commit DNS changes: (0) Could not replace /etc/resolv.conf: permission denied
>
> "ls -l /etc/resolv.conf*" showed nothing scary.  But "ls -lZ" did.
>
> Something had labeled /etc/resolv.conf unconfined_u:object_r:etc_t:s0
> instead of system_u:object_r:net_conf_t:s0
>
> Fix: "restorecon /etc/resolv.conf"
>
> How the heck is an ordinary user supposed to figure this out?
Could you open a new bug on the selinux-policy component and we can discuss
it there?

Regards,
Miroslav
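
The diagnosis described in the quoted message (comparing the label `ls -lZ` shows with the one the policy expects) can be scripted. The following is an added example, not part of the original messages; the function names are hypothetical, and `check_path` assumes an SELinux-enabled host with `matchpathcon` installed and a `stat` that supports `%C`.

```shell
#!/bin/sh
# Added example: diagnose a mislabeled file by comparing its SELinux
# context with the default the loaded policy assigns to that path.

# Print the type (third colon-separated field) of a context string
# such as system_u:object_r:net_conf_t:s0.
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Compare an actual context with the expected one. Echoes a verdict and returns:
#   0 = identical
#   1 = type differs (type enforcement rules are keyed on this field)
#   2 = type matches, only user/role/level differ
compare_ctx() {
    actual=$1; expected=$2
    if [ "$actual" = "$expected" ]; then
        echo "OK: $actual"
        return 0
    fi
    if [ "$(ctx_type "$actual")" != "$(ctx_type "$expected")" ]; then
        echo "MISLABELED: type $(ctx_type "$actual"), policy expects $(ctx_type "$expected")"
        return 1
    fi
    echo "NOTE: type matches, other fields differ: $actual vs $expected"
    return 2
}

# Check a real path: stat -c %C prints the file's current context,
# matchpathcon -n prints the policy default without the path prefix.
# Returns 3 when the tools are missing or the lookup fails.
check_path() {
    command -v matchpathcon >/dev/null 2>&1 || { echo "matchpathcon not found"; return 3; }
    actual=$(stat -c %C "$1") || return 3
    expected=$(matchpathcon -n "$1") || return 3
    compare_ctx "$actual" "$expected"
}

# Demo with the two labels quoted in the message above (no SELinux needed).
compare_ctx "unconfined_u:object_r:etc_t:s0" "system_u:object_r:net_conf_t:s0" || true
```

On an affected system, `check_path /etc/resolv.conf` reports the mismatch, and `restorecon -n -v /etc/resolv.conf` shows what would be relabeled without changing anything.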

