Re: NM, dnsmasq, and --conf-dir

> From: "Gene Czarcinski" <gene czarc net>
> On 09/01/2012 03:24 PM, Gene Czarcinski wrote:
> > OK, I have been doing some testing with NM's new use of dnsmasq.
> > But,
> > I am running Fedora 17 and I needed the --conf-dir= capability. Just
> > getting the 0.9.7.0 package from rawhide and rebuilding had far too
> > many other packages required to do that.

Just curious, what other packages are those? I don't think 0.9.7 has many new
dependencies.

> > However, it was pretty
> > easy
> > to look at the code implementing "--conf-dir=" in the 0.9.7.0 and
> > make
> > a patch for the current 0.9.4.0-9 and rebuild that.  Works fine ...
> > sort of.
> >
> > I am not putting in a bugzilla report on this because I am not sure
> > that it is not fixed elsewhere.  The problems:
> >
> > 1. /etc/NetworkManager/dnsmasq.d does not exist and dnsmasq startup
> > fails.  Ok, just do a mkdir.  The NM spec file needs to be updated.

This should be done by make install, actually.

> > 2. selinux did not like dnsmasq going into NM's files.  This is
> > what
> > ultimately fixed it (plus some restorecon usage).

That could be expected. And we will probably have more selinux fixes in the future.

> >> module mypol3 1.0;
> >>
> >> require {
> >>     type NetworkManager_etc_t;
> >>     type dnsmasq_t;
> >>     class dir { read search open };
> >> }
> >>
> >> #============= dnsmasq_t ==============
> >> allow dnsmasq_t NetworkManager_etc_t:dir open;
> >> #!!!! This avc is allowed in the current policy
> >>
> >> allow dnsmasq_t NetworkManager_etc_t:dir { read search };
> >
> > Just a heads up to maybe save some time.
> >
> Mmm ... it took a few more tries to get selinux correctly configured.
> The above gets access to the directory.

Thanks.

> Here is what was needed to get access to the file:
> 
> >     type NetworkManager_etc_t;
> >     type dnsmasq_t;
> >     class file { read getattr open };
> > }
> >
> > #============= dnsmasq_t ==============
> > allow dnsmasq_t NetworkManager_etc_t:file open;
> > #!!!! This avc is allowed in the current policy
> >
> > allow dnsmasq_t NetworkManager_etc_t:file { read getattr };
> 
> Gene

Thx.

Pavel
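As an added example (not from this thread or from NetworkManager), the script below derives the merged dir-plus-file policy module that the two quoted snippets arrive at by hand, starting from AVC denial records. The audit lines, pids, inodes and the local.conf file name are constructed; in practice audit2allow does this job, and the point is to see why both the dir and the file class need their own allow line.

```shell
#!/bin/sh
# Constructed sample AVC records mirroring the denials discussed in the thread:
# dnsmasq_t searching/reading the NetworkManager_etc_t dir, then reading a file in it.
sample_avc() {
    cat <<'EOF'
type=AVC msg=audit(1346525000.101:41): avc:  denied  { search } for  pid=1234 comm="dnsmasq" name="dnsmasq.d" dev="dm-0" ino=1001 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:NetworkManager_etc_t:s0 tclass=dir
type=AVC msg=audit(1346525000.102:42): avc:  denied  { read } for  pid=1234 comm="dnsmasq" name="dnsmasq.d" dev="dm-0" ino=1001 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:NetworkManager_etc_t:s0 tclass=dir
type=AVC msg=audit(1346525000.103:43): avc:  denied  { read } for  pid=1234 comm="dnsmasq" name="local.conf" dev="dm-0" ino=1002 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:NetworkManager_etc_t:s0 tclass=file
type=AVC msg=audit(1346525000.104:44): avc:  denied  { getattr open } for  pid=1234 comm="dnsmasq" path="/etc/NetworkManager/dnsmasq.d/local.conf" dev="dm-0" ino=1002 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:NetworkManager_etc_t:s0 tclass=file
EOF
}

# avc_to_te MODULE: read AVC lines on stdin, print a minimal .te module on stdout.
# Permissions are unioned per (source type, target type, class), so one rule per class.
avc_to_te() {
    awk -v mod="$1" '
    /avc:[ ]*denied/ {
        p = $0; sub(/^.*denied[ ]*[{][ ]*/, "", p); sub(/[ ]*[}].*$/, "", p)
        st = tt = tc = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/) { split($i, a, ":"); st = a[3] }       # 3rd field = type
            else if ($i ~ /^tcontext=/) { split($i, a, ":"); tt = a[3] }
            else if ($i ~ /^tclass=/) tc = substr($i, 8)
        }
        if (st == "" || tt == "" || tc == "") next
        if (!(st in tseen)) { tseen[st] = 1; types[++nt] = st }
        if (!(tt in tseen)) { tseen[tt] = 1; types[++nt] = tt }
        if (!(tc in cseen)) { cseen[tc] = 1; cls[++nc] = tc }
        key = st " " tt ":" tc
        if (!(key in kseen)) { kseen[key] = 1; keys[++nk] = key }
        n = split(p, perms, " ")
        for (j = 1; j <= n; j++) {
            if (!((key, perms[j]) in pseen)) { pseen[key, perms[j]] = 1; rule[key] = rule[key] " " perms[j] }
            if (!((tc, perms[j]) in cpseen)) { cpseen[tc, perms[j]] = 1; cperm[tc] = cperm[tc] " " perms[j] }
        }
    }
    END {
        printf "module %s 1.0;\n\nrequire {\n", mod
        for (i = 1; i <= nt; i++) printf "    type %s;\n", types[i]
        for (i = 1; i <= nc; i++) printf "    class %s {%s };\n", cls[i], cperm[cls[i]]
        printf "}\n\n"
        for (i = 1; i <= nk; i++) printf "allow %s {%s };\n", keys[i], rule[keys[i]]
    }'
}

# One module covering both the dir and the file access (hypothetical module name).
demo_te() { sample_avc | avc_to_te mypol_nm_dnsmasq; }

demo_te
# Build and load (needs checkpolicy and policycoreutils; not run here):
#   checkmodule -M -m -o mypol_nm_dnsmasq.mod mypol_nm_dnsmasq.te
#   semodule_package -o mypol_nm_dnsmasq.pp -m mypol_nm_dnsmasq.mod
#   semodule -i mypol_nm_dnsmasq.pp
```

Before loading such a module, check whether a newer distribution policy already grants the access (as the reply above expects), so a local module does not mask the upstream fix.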