http://bugzilla.opensuse.org/show_bug.cgi?id=1139903 http://bugzilla.opensuse.org/show_bug.cgi?id=1139903#c1 --- Comment #1 from Sven Seeberg --- Alright, I somehow found a way to make it work. dnsmasq is installed on my system, but usually disabled. I wanted to see if dnsmasq can resolve hostnames. When I tried to start dnsmasq, I noticed the following error:

Jul 01 13:38:52 neptun dnsmasq[9703]: failed to read /etc/resolv.conf: Permission denied Jul 01 13:38:52 neptun dnsmasq[9703]: no servers found in /etc/resolv.conf, will retry

I then removed the symlink of /etc/resolv.conf and then copied the /var/run/netconfig/resolv.conf into its place. Now dnsmasq started up and all programs are able to resolv domain names. Why is this? How can I fix this permanently? Copying the /var/run/netconfig/resolv.conf is not a good solution. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1139903 http://bugzilla.opensuse.org/show_bug.cgi?id=1139903#c3 --- Comment #3 from Sven Seeberg --- Please ignore my last comment, wrong bug. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1139903 http://bugzilla.opensuse.org/show_bug.cgi?id=1139903#c5 Christian Boltz changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |suse-beta@cboltz.de --- Comment #5 from Christian Boltz --- (In reply to Sven Seeberg from comment #4)

(In reply to Sven Seeberg from comment #1)

...

How can I fix this permanently? Copying the /var/run/netconfig/resolv.conf is not a good solution.

It seems AppArmor prevented accessing the file. I ran

...

aa-disable /usr/sbin/dnsmasq

to fix the problem for now. For some other reason, I'm not able to add /var/run/netconfig/resolv.conf as a readable file to the AppArmor profile of dnsmasq.

Better run aa-complain /usr/sbin/dnsmasq in such cases - that will put the profile into complain mode (allow everything, and log what would be denied). Also, please attach your /var/log/audit/audit.log (or the "grep dnsmasq" result for it) so that I can see what exactly gets denied. Oh, BTW - does it work if you install the update packages from https://build.opensuse.org/package/show/home:cboltz:branches:OBS_Maintained:... ? (Updating apparmor-profiles and apparmor-abstractions should be enough in this case.) Note: you'll have to run aa-enforce or aa-complain for the dnsmasq profile to undo the aa-disable (or remove the symlink in /etc/apparmor.d/disable/ manually and run "rcapparmor reload") -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1139903 http://bugzilla.opensuse.org/show_bug.cgi?id=1139903#c7 --- Comment #7 from Sven Seeberg --- The message

ERROR: Path doesn't start with / or variable: libvirt_leaseshelper

comes from this section in the usr.sbin.dnsmas:

profile libvirt_leaseshelper { #include

/etc/libnl-3/classid r,

/usr/lib{,64}/libvirt/libvirt_leaseshelper m,

owner @{PROC}/@{pid}/net/psched r, owner @{PROC}/@{pid}/status r,

/sys/devices/system/cpu/ r, /sys/devices/system/node/ r, /sys/devices/system/node/*/meminfo r,

# libvirt lease and status files for dnsmasq /var/lib/libvirt/dnsmasq/*.leases rw, /var/lib/libvirt/dnsmasq/*.status* rw,

/{,var/}run/leaseshelper.pid rwk, }

More specifically, the error comes from the first line (profile) in the quote. I can comment the content of the section and aa-enforce still throws an error. As soon as I comment the full section, it works. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1139903 http://bugzilla.opensuse.org/show_bug.cgi?id=1139903#c10 --- Comment #10 from Christian Boltz --- (In reply to Sven Seeberg from comment #9)

1) Is this AppArmor error actually a bug or something that is specific to my system as well? I'm not sure, but I don't mind if we assume that it is specific to my system.

ERROR: Path doesn't start with / or variable: libvirt_leaseshelper is a bug in the AppArmor tools, and IIRC I fixed it in the meantime. Can you please install more packages from the upcoming update and try again? In theory apparmor-utils and python3-libapparmor should be enough, but it's probably easier to update all packages from home:cboltz:branches:OBS_Maintained:apparmor ;-) -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1139903 http://bugzilla.opensuse.org/show_bug.cgi?id=1139903#c12 --- Comment #12 from Sven Seeberg --- (In reply to Christian Boltz from comment #10)

In theory and python3-libapparmor should be enough, but it's probably easier to update all packages from home:cboltz:branches:OBS_Maintained:apparmor ;-)

Installed the packages. However, I only see a libapparmor1 package. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1139903 http://bugzilla.opensuse.org/show_bug.cgi?id=1139903#c14 Sven Seeberg changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |INVALID --- Comment #14 from Sven Seeberg --- That fixed it - some packages were missing (python3-apparmor, apparmor-utils, apparmor-utils-lang, perl-apparmor). Thanks for helping out. I'll set this bug to resolved invalid, because the problem (most likely) was a manually broken RPM database a longer time ago. Sorry for causing trouble and thanks again for helping. -- You are receiving this mail because: You are on the CC list for the bug.