| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0012787 | CentOS-7 | selinux-policy | public | 2017-02-06 14:05 | 2021-10-05 14:51 |
| Reporter | StarsKim | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | new | Resolution | open | ||
| OS Version | 7 | ||||
| Summary | 0012787: SELinux is preventing /usr/sbin/NetworkManager from 'unlink' accesses on the file resolv.conf. | ||||
| Description | Description of problem: SELinux is preventing /usr/sbin/NetworkManager from 'unlink' accesses on the file resolv.conf. ***** Plugin catchall_labels (83.8 confidence) suggests ******************* If you want to allow NetworkManager to have unlink access on the resolv.conf file Then 必须更改 resolv.conf 中的标签 Do # semanage fcontext -a -t FILE_TYPE 'resolv.conf' 其中 FILE_TYPE 为以下内容之一:NetworkManager_etc_rw_t, NetworkManager_tmp_t, NetworkManager_var_lib_t, NetworkManager_var_run_t, dhcpc_state_t, dhcpc_var_run_t, dnsmasq_var_run_t, hostname_etc_t, named_cache_t, net_conf_t, pppd_var_run_t, systemd_passwd_var_run_t。 然后执行: restorecon -v 'resolv.conf' ***** Plugin catchall (17.1 confidence) suggests ************************** If 确定应默认允许 NetworkManager unlink 访问 resolv.conf file。 Then 应该将这个情况作为 bug 报告。 可以生成本地策略模块以允许此访问。 Do allow this access for now by executing: # ausearch -c 'NetworkManager' --raw | audit2allow -M my-NetworkManager # semodule -i my-NetworkManager.pp Additional Information: Source Context system_u:system_r:NetworkManager_t:s0 Target Context unconfined_u:object_r:etc_t:s0 Target Objects resolv.conf [ file ] Source NetworkManager Source Path /usr/sbin/NetworkManager Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-102.el7_3.13.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.10.0-514.6.1.el7.x86_64 #1 SMP Wed Jan 18 13:06:36 UTC 2017 x86_64 x86_64 Alert Count 4 First Seen 2017-02-06 21:52:05 CST Last Seen 2017-02-06 21:56:34 CST Local ID c4122f56-a104-4390-9372-b8d0cfe0a4a4 Raw Audit Messages type=AVC msg=audit(1486389394.177:199): avc: denied { unlink } for pid=648 comm="NetworkManager" name="resolv.conf" dev="sda3" ino=101769123 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file Hash: NetworkManager,NetworkManager_t,etc_t,file,unlink Version-Release number of selected component: selinux-policy-3.13.1-102.el7_3.13.noarch | ||||
| Additional Information | reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-514.6.1.el7.x86_64 reproducible: Not sure how to reproduce the problem type: libreport | ||||
| Tags | No tags attached. | ||||
| abrt_hash | 77261c568d4cfcbf07123b7b7e390e3dff8311e7b19383353fadd043dc635488 | ||||
| URL | |||||
 |
Another user experienced a similar problem: Probably occured after switching on VPN. reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-1160.42.2.el7.x86_64 package: selinux-policy-3.13.1-268.el7_9.2.noarch reason: SELinux is preventing /usr/sbin/NetworkManager from 'unlink' accesses on the soubor /etc/resolv.conf. reproducible: Not sure how to reproduce the problem type: libreport |
