DNS mystery: NetworkManager vs SELinux
D. Hugh Redelmeier
hugh at mimosa.com
Fri Sep 16 02:28:33 UTC 2011
| From: Daniel J Walsh <dwalsh at redhat.com>
| Well I just tried to run NetworkManager as root and see something
| similar, although I also end up with the resolv.conf having bogus data
| in it. I can fix F16 to label this correctly if it happens. But we
| can not fix this in F15.
I'm glad you can fix it. It won't affect me in the future: I don't
imagine I'll be so dumb as to manually run NM when it is already
running.
Is fixing it in SELinux policy the right way of doing this? I would
have guessed that it was a Network Manager bug(s):
- if it cannot be *the* Network Manager, it shouldn't write to
  /etc/resolv.conf
- if it cannot update /etc/resolv.conf, it should
  1) complain in some noticeable way (it currently logs this in
     /var/log/messages, but that isn't very visible, especially
     considering the amount of other spew it puts in there)
  2) not show status as hunky-dory.
| If setroubleshoot was running you would see a message in
| /var/log/messages about selinux preventing some access, you should
| also see the setroubleshoot blob down the bottom of the screen and if
| you move your mouse to the bottom right hand corner, you should see a
| menu appear and have the "CheckEngineLight" logo for setroubleshoot.
I don't see that. So I guess that it isn't running.
ps doesn't show it running. I assume that it is a daemon that should
be running all the time.
| yum install setroubleshoot
|
| Will install the package although I thought it was part of the default
| desktop.
It was installed.
I can manually run it and it reports (retrospectively) the problem.
Under System Settings (or any other GUI System Tool) I don't see a way of
setting what should be run when starting a session.