On Tue, Oct 11, 2016, at 06:12 PM, Jason Brooks wrote:
> I'm seeing an selinux denial preventing resolv.conf from being updated:
>
> Oct 11 22:05:46 atomic01.example.org audit[1304]: AVC avc: denied {
> write } for pid=1304 comm="dhclient-script" name="NetworkManager"
> dev="tmpfs" ino=22077
> scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:NetworkManager_var_run_t:s0 tclass=dir
> permissive=0

There's an upstream discussion related to this:
https://mail.gnome.org/archives/networkmanager-list/2016-September/msg00039.html

Which, if you see my reply, I think his patch is wrong, but the fix
should likely live in NM.

Also, way back in the past...
http://www.spinics.net/linux/fedora/fedora-cloud/msg06264.html
which again seems to have been lost because I didn't commit it to the
master branch =(

Also: https://bugzilla.redhat.com/show_bug.cgi?id=1204226

But hey, let's make another try at this, and we actually want this to
apply on bare metal too, so:
https://pagure.io/fedora-atomic/pull-request/23

That said...I'm not reproducing this here,
/run/NetworkManager/resolv.conf seems to be correctly labeled
net_conf_t here.

> Also, this "Warning: NetworkManager.service changed on disk. Run
> 'systemctl daemon-reload'" message when I check the status of
> NetworkManager.

I suspect systemd needs the same "handle zero mtime" fix as I did for
gnutls.