| Description | Description of problem:
SELinux is preventing /usr/sbin/NetworkManager from 'unlink' accesses on the file resolv.conf.
***** Plugin catchall_labels (83.8 confidence) suggests *******************
If you want to allow NetworkManager to have unlink access on the resolv.conf file
Then 必须更改 resolv.conf 中的标签
Do
# semanage fcontext -a -t FILE_TYPE 'resolv.conf'
其中 FILE_TYPE 为以下内容之一:NetworkManager_etc_rw_t, NetworkManager_tmp_t, NetworkManager_var_lib_t, NetworkManager_var_run_t, dhcpc_state_t, dhcpc_var_run_t, dnsmasq_var_run_t, hostname_etc_t, named_cache_t, net_conf_t, pppd_var_run_t, systemd_passwd_var_run_t。
然后执行:
restorecon -v 'resolv.conf'
***** Plugin catchall (17.1 confidence) suggests **************************
If 确定应默认允许 NetworkManager unlink 访问 resolv.conf file。
Then 应该将这个情况作为 bug 报告。
可以生成本地策略模块以允许此访问。
Do
allow this access for now by executing:
# ausearch -c 'NetworkManager' --raw | audit2allow -M my-NetworkManager
# semodule -i my-NetworkManager.pp
Additional Information:
Source Context system_u:system_r:NetworkManager_t:s0
Target Context unconfined_u:object_r:etc_t:s0
Target Objects resolv.conf [ file ]
Source NetworkManager
Source Path /usr/sbin/NetworkManager
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-102.el7_3.13.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-514.6.1.el7.x86_64 #1 SMP
Wed Jan 18 13:06:36 UTC 2017 x86_64 x86_64
Alert Count 4
First Seen 2017-02-06 21:52:05 CST
Last Seen 2017-02-06 21:56:34 CST
Local ID c4122f56-a104-4390-9372-b8d0cfe0a4a4
Raw Audit Messages
type=AVC msg=audit(1486389394.177:199): avc: denied { unlink } for pid=648 comm="NetworkManager" name="resolv.conf" dev="sda3" ino=101769123 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
Hash: NetworkManager,NetworkManager_t,etc_t,file,unlink
Version-Release number of selected component:
selinux-policy-3.13.1-102.el7_3.13.noarch
|
|---|
