On 09/15/2011 10:28 PM, D. Hugh Redelmeier wrote:
> | From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
>
> | Well I just tried to run NetworkManager as root and see something
> | similar, although I also end up with the resolv.conf having bogus data
> | in it. I can fix F16 to label this correctly if it happens. But we
> | can not fix this in F15.
>
> I'm glad you can fix it. It won't affect me in the future: I don't
> imagine I'll be so dumb as to manually run NM when it is already running.
>
> Is fixing it in SELinux policy the right way of doing this? I would
> have guessed that it was a Network Manager bug(s):
>
> - if it cannot be *the* Network Manager, it shouldn't write to
>   /etc/resolv.conf
>
> - if it cannot update /etc/resolv.conf, it should
>
>   1) complain in some noticeable way (it currently logs this in
>      /var/log/messages, but that isn't very visible, especially
>      considering the amount of other spew it puts in there)
>
>   2) not show status as hunky dory.
>
> | If setroubleshoot was running you would see a message in
> | /var/log/messages about selinux preventing some access, you should
> | also see the setroubleshoot blob down the bottom of the screen and if
> | you move your mouse to the bottom right hand corner, you should see a
> | menu appear and have the "CheckEngineLight" logo for setroubleshoot.
>
> I don't see that. So I guess that it isn't running.
>
> ps doesn't show it running. I assume that it is a daemon that should
> be running all the time.
>
> | yum install setroubleshoot
> |
> | Will install the package although I thought it was part of the default
> | desktop.
>
> It was installed.
>
> I can manually run it and it reports (retrospectively) the problem.
>
> Under System Settings (or any other GUI System Tool) I don't see a way
> of setting what should be run when starting a session.

You can open a bug on this with NetworkManager. I am just trying to
maintain the label on it.

When you run NetworkManager by hand it runs as unconfined_t, but
NetworkManager creates /etc/resolv.conf.tmp and then renames it over
/etc/resolv.conf, which is causing the mislabeling. We have rules in F16
that say if unconfined_t creates a file named resolv.conf in etc_t it
will create it labeled net_conf_t. I just added a rule for
resolv.conf.tmp to prevent your problem.
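
Added example, not part of the original message and not Fedora policy code: a small Python model of the create-then-rename labeling behaviour the reply describes, showing why a name-based rule for resolv.conf alone does not help and a rule for resolv.conf.tmp does. The class, function and rule-table names are hypothetical, and the model assumes a new file with no matching rule inherits the directory's type.

```python
# Toy model (constructed for illustration) of SELinux file labeling on create and rename.
# Assumption: without a matching transition rule a new file inherits the directory's type.

ETC_DIR_TYPE = "etc_t"

# Named file transitions: (creator domain, directory type, file name) -> new file type.
RULE_RESOLV = {("unconfined_t", "etc_t", "resolv.conf"): "net_conf_t"}
RULE_RESOLV_TMP = {("unconfined_t", "etc_t", "resolv.conf.tmp"): "net_conf_t"}


class Directory:
    def __init__(self, dir_type, rules):
        self.dir_type = dir_type
        self.rules = rules
        self.files = {}  # name -> label; the label belongs to the file, not the name

    def create(self, domain, name):
        # The label is decided once, at creation, from the name used at that moment.
        label = self.rules.get((domain, self.dir_type, name), self.dir_type)
        self.files[name] = label
        return label

    def rename(self, old, new):
        # rename() moves the existing file; its label is carried over unchanged.
        self.files[new] = self.files.pop(old)
        return self.files[new]


def update_resolv_conf(domain, rules):
    """Write resolv.conf as the reply describes: create .tmp, rename over the target."""
    etc = Directory(ETC_DIR_TYPE, rules)
    etc.files["resolv.conf"] = "net_conf_t"  # correctly labeled before the update
    etc.create(domain, "resolv.conf.tmp")
    return etc.rename("resolv.conf.tmp", "resolv.conf")


def scenarios():
    return {
        "no named rules": update_resolv_conf("unconfined_t", {}),
        "rule for resolv.conf only": update_resolv_conf("unconfined_t", RULE_RESOLV),
        "rule for resolv.conf.tmp added": update_resolv_conf(
            "unconfined_t", {**RULE_RESOLV, **RULE_RESOLV_TMP}),
    }


if __name__ == "__main__":
    for name, label in scenarios().items():
        print(f"{name:32} -> /etc/resolv.conf labeled {label}")
```

On a real system the resulting label can be checked with `ls -Z /etc/resolv.conf` and reset to the policy default with `restorecon -v /etc/resolv.conf`.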