Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1215376
Summary: | [abrt] dnssec-trigger: dnssec-trigger-script:473:_write_resolv_conf:PermissionError: [Errno 13] Permission denied: '/etc/.resolv.conf.dnssec-trigger' | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | lso | ||||||
Component: | dnssec-trigger | Assignee: | Paul Wouters <pwouters> | ||||||
Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
Severity: | unspecified | Docs Contact: | |||||||
Priority: | unspecified | ||||||||
Version: | 21 | CC: | bgvaughan, cra, dominik, lso, orthidax, pj.pandit, psimerda, pspacek, pwouters, thozza | ||||||
Target Milestone: | --- | ||||||||
Target Release: | --- | ||||||||
Hardware: | x86_64 | ||||||||
OS: | Unspecified | ||||||||
URL: | https://retrace.fedoraproject.org/faf/reports/bthash/4e0ea39c7292fa9065cbe1ef6050c38ae0341604 | ||||||||
Whiteboard: | abrt_hash:1f8de9cfac906eab6955f0983071b48881f3f6ab | ||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2015-07-15 13:24:50 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | |||||||||
Bug Blocks: | 1182488 | ||||||||
Attachments: |
|
Description
lso
2015-04-26 02:18:51 UTC
Created attachment 1018928 [details]
File: backtrace
Created attachment 1018929 [details]
File: environ
Hello. Thank you for your report. Do you have SELinux enabled (and in enforcing mode)? Can you see any AVCs related to this issue? Thanks! I'm getting the same error while resuming from suspend. The following AVCs seem to be related: type=AVC msg=audit(1430811010.631:660): avc: denied { search } for pid=3018 comm="dnssec-trigger-" name=".local" dev="dm-2" ino=1050573 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:gconf_home_t:s0 tclass=dir permissive=0 type=AVC msg=audit(1430811010.696:661): avc: denied { create } for pid=3018 comm="dnssec-trigger-" name=".resolv.conf.dnssec-trigger" scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0 type=AVC msg=audit(1430811010.705:662): avc: denied { execute } for pid=3020 comm="dnssec-trigger-" name="ldconfig" dev="dm-2" ino=267166 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file permissive=0 type=AVC msg=audit(1430811010.706:663): avc: denied { write } for pid=3018 comm="dnssec-trigger-" name="/" dev="tmpfs" ino=12483 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0 type=AVC msg=audit(1430811010.706:664): avc: denied { write } for pid=3018 comm="dnssec-trigger-" name="tmp" dev="dm-4" ino=783363 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0 type=AVC msg=audit(1430811010.706:665): avc: denied { write } for pid=3018 comm="dnssec-trigger-" name="tmp" dev="dm-4" ino=783363 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0 type=AVC msg=audit(1430811010.706:666): avc: denied { dac_override } for pid=3018 comm="dnssec-trigger-" capability=1 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:system_r:dnssec_trigger_t:s0 tclass=capability permissive=0 type=AVC msg=audit(1430811010.707:667): avc: denied { execute } for pid=3021 comm="dnssec-trigger-" name="ldconfig" dev="dm-2" ino=267166 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file permissive=0 type=AVC msg=audit(1430811010.708:668): avc: denied { write } for pid=3018 comm="dnssec-trigger-" name="/" dev="tmpfs" ino=12483 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0 type=AVC msg=audit(1430811010.708:669): avc: denied { write } for pid=3018 comm="dnssec-trigger-" name="tmp" dev="dm-4" ino=783363 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0 type=AVC msg=audit(1430811010.708:670): avc: denied { write } for pid=3018 comm="dnssec-trigger-" name="tmp" dev="dm-4" ino=783363 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0 type=AVC msg=audit(1430811010.708:671): avc: denied { dac_override } for pid=3018 comm="dnssec-trigger-" capability=1 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:system_r:dnssec_trigger_t:s0 tclass=capability permissive=0 type=AVC msg=audit(1430811010.711:672): avc: denied { net_admin } for pid=3018 comm="dnssec-trigger-" capability=12 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:system_r:dnssec_trigger_t:s0 tclass=capability permissive=0 SELinux is installed and configured for enforcement. I also noticed that the immutable bit is being set for the /etc/resolv.conf file. Here is the output. root@Adelie:[29]# ls -al resolv.conf* -r--r--r--. 1 root root 56 2015-04-26 10:25 resolv.conf -rw-r--r--. 1 root root 245 2015-04-25 22:52 resolv.conf.tmp root@Adelie:[29]# ls -alZ resolv.conf* -r--r--r--. root root system_u:object_r:net_conf_t:s0 resolv.conf -rw-r--r--. root root system_u:object_r:net_conf_t:s0 resolv.conf.tmp root@Adelie:[34]# lsattr resolv.conf ----i--------e-- resolv.conf root@Adelie:[35]# chattr -i resolv.conf root@Adelie:[36]# lsattr resolv.conf -------------e-- resolv.conf Packages selinux-policy and selinux-policy-targeted are installed. *** This bug has been marked as a duplicate of bug 1210250 *** |