Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1231798
Summary: | SELinux is preventing dnssec-trigger- from 'search' accesses on the directory /etc/NetworkManager. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Stephen Gallagher <sgallagh> |
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 22 | CC: | bgvaughan, dominick.grift, dpo, dwalsh, lvrabec, mgrepl, plautrba, thozza, wolfgang.gradl |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Unspecified | ||
Whiteboard: | abrt_hash:4cb0afbd8fe3ea09c04ee9699dc6e03efe611fe44505b49595d15a399d8f41f0 | ||
Fixed In Version: | selinux-policy-3.13.1-128.4.fc22 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-07-10 19:15:03 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1182488 |
Description
Stephen Gallagher
2015-06-15 12:20:13 UTC
Description of problem: dnssec-trigger-script checks NetworkManager configuration, which is located in /etc/NetworkManager/ to determine, if NM is handling the /etc/resolv.conf. Thus dnssec-trigger should be able to do that. Version-Release number of selected component: selinux-policy-3.13.1-128.1.fc22.noarch Additional info: reporter: libreport-2.6.0 hashmarkername: setroubleshoot kernel: 4.0.5-300.fc22.x86_64 type: libreport *** Bug 1235289 has been marked as a duplicate of this bug. *** *** Bug 1235290 has been marked as a duplicate of this bug. *** commit 3ab83c12ec8513ef0df2fb88c25b69685a5f15b6 Author: Lukas Vrabec <lvrabec> Date: Fri Jun 26 11:13:52 2015 +0200 Allow dnssec_trigger_t read networkmanager conf files. BZ(1231798) commit 40ff8d408a822ccd1a4c2597c24c06a156cfc793 Author: Lukas Vrabec <lvrabec> Date: Fri Jun 26 11:10:49 2015 +0200 Allow in networkmanager_read_conf() also read NetworkManager_etc_rw_t files. BZ(1231798) selinux-policy-3.13.1-128.4.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-128.4.fc22 Package selinux-policy-3.13.1-128.4.fc22: * should fix your issue, * was pushed to the Fedora 22 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-128.4.fc22' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-10974/selinux-policy-3.13.1-128.4.fc22 then log in and leave karma (feedback). Description of problem: upgrade to F22 workstation from F20 (with fedup) dnf install dnssec-trigger systemctl start dnssec-triggerd Version-Release number of selected component: selinux-policy-3.13.1-128.2.fc22.noarch Additional info: reporter: libreport-2.6.0 hashmarkername: setroubleshoot kernel: 4.0.6-300.fc22.x86_64 type: libreport 1. Update selinux-policy package. 2. Use: # restorecon -R -v / to fix labels. selinux-policy-3.13.1-128.4.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. |