On Tue, Oct 11, 2016, at 06:12 PM, Jason Brooks wrote:

> I'm seeing an selinux denial preventing resolv.conf from being updated:
> Oct 11 22:05:46 atomic01.example.org audit[1304]: AVC avc:  denied  {
> write } for  pid=1304 comm="dhclient-script" name="NetworkManager"
> dev="tmpfs" ino=22077
> scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:NetworkManager_var_run_t:s0 tclass=dir
> permissive=0

There's an upstream discussion related to this:

Which, if you see my reply, I think his patch is wrong, but the fix
should likely live in NM.

Also, way back in the past...
which again seems to have been lost because I didn't commit it to the master
branch =(

Also: https://bugzilla.redhat.com/show_bug.cgi?id=1204226

But hey, let's make another try at this, and we actually want this to apply on
bare metal too, so:


That said...I'm not reproducing this here, /run/NetworkManager/resolv.conf
seems to be correctly labeled net_conf_t here.

> Also, this "Warning: NetworkManager.service changed on disk. Run
> 'systemctl daemon-reload'" message when I check the status of
> NetworkManager.

I suspect systemd needs the same "handle zero mtime" fix
as I did for gnutls.
cloud mailing list -- cloud@lists.fedoraproject.org
To unsubscribe send an email to cloud-le...@lists.fedoraproject.org

Reply via email to