Hello. On Wed, 28/09/2016 at 17.44 -0400, Colin Walters wrote: > > On Wed, Sep 28, 2016, at 02:06 PM, Guido Trentalancia wrote: > > > > When SELinux is enabled, do not create a symbolic link to a > > "resolv.conf" > > file outside /etc (e.g. in /var/run/NetworkManager), but instead > > create a > > regular file in /etc. > > > > This is to avoid creating policy permissions to read files in the > > other > > non-standard "resolv.conf" directories for each application that > > needs to > > access the network. > > Maybe better to: > > 1) Standardize e.g. `/run/resolv.conf` and have labeling set up for > it > 2) Change NetworkManager to label the file as `etc_t` which it likely > has permission to do so already
The two alternatives you suggest are either over-complicated and not convenient (1) or unfeasible (2, because the file is a symbolic link). Guido _______________________________________________ networkmanager-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/networkmanager-list
