Bug 212051 - default dnsmasq policy blocks access to /etc/resolv.conf
Summary: default dnsmasq policy blocks access to /etc/resolv.conf
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened
Hardware: All Linux
Importance: High normal
Assignee: SE Linux Bugs
Reported: 2008-03-02 11:06 UTC by Paweł Hajdan, Jr. (RETIRED)
Modified: 2008-03-13 12:46 UTC
Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2008-03-02 11:06:52 UTC
I have installed sec-policy/selinux-dnsmasq and get these messages in /var/log/avc.log:

Mar  2 12:01:26 hq audit(1204455686.638:610): avc:  denied  { getattr } for  pid=5410 comm="dnsmasq" path="/etc/resolv.conf" dev=hda5 ino=816345 scontext=system_u:system_r:dnsmasq_t tcontext=system_u:object_r:etc_runtime_t tclass=file

SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          permissive
Policy version:                 21
Policy from config file:        strict
Comment 1 Chris PeBenito (RETIRED) gentoo-dev 2008-03-13 12:46:07 UTC
resolv.conf should be labeled net_conf_t, not etc_runtime_t.
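
The following is an added example, not part of the bug report or of the Gentoo policy: a small triage script that parses an AVC denial like the one quoted in the description and checks the target's type against an expected label before anyone considers changing policy. The `EXPECTED_TYPE` table and the function names are assumptions of this example; its single entry is taken from Comment 1.

```python
import re

# Expected SELinux type per path. The single entry comes from Comment 1;
# the table itself is an assumption of this example, not policy data.
EXPECTED_TYPE = {"/etc/resolv.conf": "net_conf_t"}

# Constructed sample: the denial quoted in the bug description.
SAMPLE = ('Mar  2 12:01:26 hq audit(1204455686.638:610): avc:  denied  '
          '{ getattr } for  pid=5410 comm="dnsmasq" path="/etc/resolv.conf" '
          'dev=hda5 ino=816345 scontext=system_u:system_r:dnsmasq_t '
          'tcontext=system_u:object_r:etc_runtime_t tclass=file')

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict of the denial's fields, or None if not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    # A context is user:role:type[:mls-range]; the type is the third field.
    for key in ("scontext", "tcontext"):
        if key in fields:
            parts = fields[key].split(":")
            fields[key[0] + "type"] = parts[2] if len(parts) >= 3 else None
    return fields


def triage(line):
    """Classify a log line as 'mislabeled', 'policy' or 'not-avc'."""
    f = parse_avc(line)
    if f is None:
        return "not-avc", None
    want = EXPECTED_TYPE.get(f.get("path"))
    if want and f.get("ttype") != want:
        return "mislabeled", (f"{f['path']} is {f['ttype']}, expected {want}: "
                              "fix the file label before touching policy")
    return "policy", (f"{f.get('stype')} -> {f.get('ttype')}:{f.get('tclass')} "
                      f"{{ {' '.join(f['perms'])} }}")


if __name__ == "__main__":
    print(triage(SAMPLE))
```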