On 09/01/2012 03:24 PM, Gene Czarcinski wrote:
> OK, I have been doing some testing with NM's new use of dnsmasq. But,
> I am running Fedora 17 and I needed the --conf-dir= capability. Just
> getting the 0.9.7.0 package from rawhide and rebuilding had far too
> many other packages required to do that. However, it was pretty easy
> to look at the code implementing "--conf-dir=" in the 0.9.7.0 and make
> a patch for the current 0.9.4.0-9 and rebuild that. Works fine ...
> sort of.
>
> I am not putting in a bugzilla report on this because I am not sure
> that it is not fixed elsewhere. The problems:
>
> 1. /etc/NetworkManager/dnsmasq.d does not exist and dnsmasq startup
> fails. OK, just do a mkdir. The NM spec file needs to be updated.
>
> 2. SELinux did not like dnsmasq going into NM's files. This is what
> ultimately fixed it (plus some restorecon usage).
>
>     module mypol3 1.0;
>
>     require {
>         type NetworkManager_etc_t;
>         type dnsmasq_t;
>         class dir { read search open };
>     }
>
>     #============= dnsmasq_t ==============
>     allow dnsmasq_t NetworkManager_etc_t:dir open;
>     #!!!! This avc is allowed in the current policy
>     allow dnsmasq_t NetworkManager_etc_t:dir { read search };
>
> Just a heads up to maybe save some time.

Mmm ... it took a few more tries to get SELinux correctly configured.
The above gets access to the directory.

Here is what was needed to get access to the file:

    require {
        type NetworkManager_etc_t;
        type dnsmasq_t;
        class file { read getattr open };
    }

    #============= dnsmasq_t ==============
    allow dnsmasq_t NetworkManager_etc_t:file open;
    #!!!! This avc is allowed in the current policy
    allow dnsmasq_t NetworkManager_etc_t:file { read getattr };

Gene
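
The two policy fragments in the message above each came from a separate round of denials. As an added example (not part of the original message, and not Gene's or NetworkManager's code), this script shows how the AVC denials map to the allow rules and emits the dir and file rules as one module; the audit lines are constructed and the module name dnsmasq_nm_conf is a placeholder.

```python
import re
from collections import defaultdict

# Constructed audit.log excerpt (sample data, not taken from the original message).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1346527440.101:201): avc:  denied  { search } for  pid=2114 comm="dnsmasq" name="dnsmasq.d" dev="dm-1" ino=131 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:NetworkManager_etc_t:s0 tclass=dir
type=AVC msg=audit(1346527440.102:202): avc:  denied  { read } for  pid=2114 comm="dnsmasq" name="dnsmasq.d" dev="dm-1" ino=131 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:NetworkManager_etc_t:s0 tclass=dir
type=AVC msg=audit(1346527440.103:203): avc:  denied  { open } for  pid=2114 comm="dnsmasq" path="/etc/NetworkManager/dnsmasq.d" dev="dm-1" ino=131 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:NetworkManager_etc_t:s0 tclass=dir
type=AVC msg=audit(1346527502.310:231): avc:  denied  { getattr } for  pid=2190 comm="dnsmasq" path="/etc/NetworkManager/dnsmasq.d/example.conf" dev="dm-1" ino=140 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:NetworkManager_etc_t:s0 tclass=file
type=AVC msg=audit(1346527502.311:232): avc:  denied  { read } for  pid=2190 comm="dnsmasq" name="example.conf" dev="dm-1" ino=140 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:NetworkManager_etc_t:s0 tclass=file
type=AVC msg=audit(1346527502.312:233): avc:  denied  { open } for  pid=2190 comm="dnsmasq" path="/etc/NetworkManager/dnsmasq.d/example.conf" dev="dm-1" ino=140 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:NetworkManager_etc_t:s0 tclass=file
type=SYSCALL msg=audit(1346527502.312:233): arch=c000003e syscall=2 success=no exit=-13 comm="dnsmasq" exe="/usr/sbin/dnsmasq"
"""

# Pull the denied permissions, the type field of each context, and the object class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=[^:\s]+:[^:\s]+:(?P<src>[^:\s]+)\S*\s+"
    r"tcontext=[^:\s]+:[^:\s]+:(?P<tgt>[^:\s]+)\S*\s+"
    r"tclass=(?P<cls>\w+)"
)

def collect_denials(log_text):
    """Map (source type, target type, class) -> set of denied permissions."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:  # non-AVC records (e.g. SYSCALL) are skipped
            rules[(m["src"], m["tgt"], m["cls"])].update(m["perms"].split())
    return rules

def render_module(name, rules):
    """Render one type-enforcement module covering every collected denial."""
    types = sorted({s for s, _, _ in rules} | {t for _, t, _ in rules})
    classes = defaultdict(set)
    for (_, _, cls), perms in rules.items():
        classes[cls] |= perms
    out = [f"module {name} 1.0;", "", "require {"]
    out += [f"\ttype {t};" for t in types]
    out += [f"\tclass {c} {{ {' '.join(sorted(p))} }};" for c, p in sorted(classes.items())]
    out += ["}", ""]
    for (src, tgt, cls), perms in sorted(rules.items()):
        out.append(f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(render_module("dnsmasq_nm_conf", collect_denials(SAMPLE_AUDIT_LOG)))
```

Reviewing the generated rules before loading them keeps the module limited to the directory and file accesses that were actually denied.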