Re: DNS mystery: NetworkManager vs SELinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/13/2011 08:19 AM, Miroslav Grepl wrote:
> On 09/13/2011 06:48 AM, D. Hugh Redelmeier wrote:
>> My netbook has a rather vanilla installation of F15.
>> 
>> I tried a new desktop.  Wireless didn't work (long story, not
>> relevant) so I manually ran network manager (didn't help).  Then
>> I rebooted back to Gnome.
>> 
>> Wired networking seemed to no longer work.  Actually, networking
>> worked but no domain names could be resolved.
>> 
>> After a lot of ineffective poking about (based on my deep
>> understanding of how things worked in the good old days before
>> NM), I discovered (with help) the problem.
>> 
>> NM creates a new /etc/resolv.conf.tmp whenever it learns (through
>> DHCP or whatever) what the name servers are.  On my system, it
>> could not manage to replace /etc/resolv.conf.  /var/log/messages
>> showed: <warn>  could not commit DNS changes: (0) Could not
>> replace /etc/resolv.conf: permission denied
>> 
>> "ls -l /etc/resolv.conf*" showed nothing scary.  But "ls -lZ"
>> did.
>> 
>> Something had labeled /etc/resolv.conf
>> unconfined_u:object_r:etc_t:s0 instead of
>> system_u:object_r:net_conf_t:s0
>> 
>> Fix: "restorecon /etc/resolv.conf"
>> 
>> How the heck is an ordinary user supposed to figure this out?
> Could you open a new bug on selinux-policy component and we can
> discuss it there.
> 
> Regards, Miroslav


There might have been a bug in the installation that labeled the
/etc/resolv.conf incorrectly,  Now that the label is correct, if it
gets mislabeled again we know we have a problem.  Running the
setroubleshoot problem would have given you a heads up on how to fix.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5vXyIACgkQrlYvE4MpobOzkQCfbZ/xTW1lvjYLf5NVogcgSB8W
8pIAoLX/dxydmG3WCSee2KTR3IEXSbxE
=pPPy
-----END PGP SIGNATURE-----
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux