[Bug 1200673] New: [SELinux] dnsmasq: failed to create inotify for /etc/resolv.conf: Permission denied (when starting virtual network default)
https://bugzilla.suse.com/show_bug.cgi?id=1200673

Bug ID: 1200673
Summary: [SELinux] dnsmasq: failed to create inotify for /etc/resolv.conf: Permission denied (when starting virtual network default)
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: mcepl@suse.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

This is actually probably just a duplicate of the Red Hat bug https://bugzilla.redhat.com/show_bug.cgi?id=1453114, with SELinux Enforcing on openSUSE/Tumbleweed (yes, that's my adrenalin sport) I cannot start default virtual network:

I get this in the log:

stitny:~ # ausearch -m avc -m user_avc -m selinux_err -m user_selinux_err -i -ts today|grep dns
type=AVC msg=audit(06/18/22 11:38:45.958:193) : avc: denied { watch } for pid=6907 comm=dnsmasq path=/run/netconfig dev="tmpfs" ino=1685 scontext=system_u:system_r:dnsmasq_t:s0-s0:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=dir permissive=0
type=AVC msg=audit(06/18/22 11:41:23.686:258) : avc: denied { watch } for pid=7922 comm=dnsmasq path=/run/netconfig dev="tmpfs" ino=1685 scontext=system_u:system_r:dnsmasq_t:s0-s0:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=dir permissive=0
type=AVC msg=audit(06/18/22 11:43:34.664:308) : avc: denied { watch } for pid=8218 comm=dnsmasq path=/run/netconfig dev="tmpfs" ino=1685 scontext=system_u:system_r:dnsmasq_t:s0-s0:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=dir permissive=1
stitny:~ #

Using

libvirt-glib-1_0-0-4.0.0-1.8.x86_64
libvirt-libs-8.4.0-1.1.x86_64
libvirt-daemon-qemu-8.4.0-1.1.x86_64
libvirt-client-8.4.0-1.1.x86_64
selinux-policy-20220124-3.4.noarch
libvirt-daemon-8.4.0-1.1.x86_64
dnsmasq-2.86-4.3.x86_64

--
You are receiving this mail because:
You are on the CC list for the bug.
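An added example, not part of the bug report or of any SUSE or SELinux tooling: a small Python triage of the three AVC records quoted above, showing that they are one repeated `watch` denial from `dnsmasq_t` on a `net_conf_t` directory and that only two of them were enforced. The function names are hypothetical, and the rule string it derives is what the denials map to for policy review, not the fix adopted in this bug.

```python
import re
from collections import defaultdict

# The three AVC records from the report above (ausearch -i output), verbatim.
REPORT_AVCS = """\
type=AVC msg=audit(06/18/22 11:38:45.958:193) : avc: denied { watch } for pid=6907 comm=dnsmasq path=/run/netconfig dev="tmpfs" ino=1685 scontext=system_u:system_r:dnsmasq_t:s0-s0:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=dir permissive=0
type=AVC msg=audit(06/18/22 11:41:23.686:258) : avc: denied { watch } for pid=7922 comm=dnsmasq path=/run/netconfig dev="tmpfs" ino=1685 scontext=system_u:system_r:dnsmasq_t:s0-s0:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=dir permissive=0
type=AVC msg=audit(06/18/22 11:43:34.664:308) : avc: denied { watch } for pid=8218 comm=dnsmasq path=/run/netconfig dev="tmpfs" ino=1685 scontext=system_u:system_r:dnsmasq_t:s0-s0:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=dir permissive=1
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$")

def parse_avc(line):
    """Parse one AVC denial line; return None for anything else."""
    m = AVC_RE.search(line)
    if not m:
        return None
    kv = dict(f.split("=", 1) for f in m.group("fields").split() if "=" in f)
    return {
        "perms": m.group("perms").split(),
        # The SELinux type is the third colon-separated field of a context.
        "source": kv["scontext"].split(":")[2],
        "target": kv["tcontext"].split(":")[2],
        "tclass": kv["tclass"],
        "path": kv.get("path", "").strip('"'),
        "enforced": kv.get("permissive") == "0",
    }

def summarize(text):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(lambda: {"perms": set(), "paths": set(), "enforced": 0, "permissive": 0})
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        g = groups[(rec["source"], rec["target"], rec["tclass"])]
        g["perms"].update(rec["perms"])
        g["paths"].add(rec["path"])
        g["enforced" if rec["enforced"] else "permissive"] += 1
    return dict(groups)

def candidate_rules(text):
    """Render each group as the allow rule it corresponds to (for review only)."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(g['perms']))} }};"
            for (s, t, c), g in sorted(summarize(text).items())]

if __name__ == "__main__":
    for key, g in summarize(REPORT_AVCS).items():
        print(key, g)
    print(candidate_rules(REPORT_AVCS))
```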
https://bugzilla.suse.com/show_bug.cgi?id=1200673#c1
--- Comment #1 from Matej Cepl
https://bugzilla.suse.com/show_bug.cgi?id=1200673#c2
--- Comment #2 from Johannes Segitz
Johannes Segitz
Filippo Bonazzi
Matej Cepl
https://bugzilla.suse.com/show_bug.cgi?id=1200673#c5
--- Comment #5 from Johannes Segitz
Filippo Bonazzi
https://bugzilla.suse.com/show_bug.cgi?id=1200673#c6
Johannes Segitz