It seems that uninstalling systemd-resolved and repointing /etc/resolv.conf ends up breaking chrony:
type=AVC msg=audit(1653741361.179:318): avc: denied { getattr } for pid=856 comm="chronyd" path="/run/NetworkManager/no-stub-resolv.conf" dev="tmpfs" ino=1525 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:NetworkManager_var_run_t:s0 tclass=file permissive=0
This is spamming me every minute, now.
Bug 2091275
Symlinks obviously end up with non-expected SELinux contexts. I think this is actually a bug in the SELinux policy for Network Manager, because the target file has the wrong SELinux context.
$ ls -Z /run/NetworkManager/no-stub-resolv.conf
system_u:object_r:NetworkManager_var_run_t:s0 /run/NetworkManager/no-stub-resolv.conf
$ ls -Z /etc/resolv.conf
system_u:object_r:net_conf_t:s0 /etc/resolv.conf
Fix that by:
rm -f /etc/resolv.conf
touch /etc/resolv.conf
systemctl restart NetworkManager.service
If the file is a good old plain text file, it would get permissions as it always had.
On 28. 05. 22 14:51, Sam Varshavchik wrote:
> It seems that uninstalling systemd-resolved and repointing /etc/resolv.conf ends up breaking chrony:
> type=AVC msg=audit(1653741361.179:318): avc: denied { getattr } for pid=856 comm="chronyd" path="/run/NetworkManager/no-stub-resolv.conf" dev="tmpfs" ino=1525 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:NetworkManager_var_run_t:s0 tclass=file permissive=0
> This is spamming me every minute, now.
> Bug 2091275
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
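Added example (not part of any message in this thread): a small triage script that parses AVC denial records like the one quoted above and groups repeats, so a denial logged every minute shows up as one finding with a count. Only the first AVC line is from the thread; the other log lines, including the `exampled` / `example_t` record, are constructed for illustration.

```python
import re

# Constructed sample: the denial quoted in the thread, a constructed repeat one
# minute later, a constructed SYSCALL record and an unrelated constructed denial.
SAMPLE_LOG = """\
type=AVC msg=audit(1653741361.179:318): avc: denied { getattr } for pid=856 comm="chronyd" path="/run/NetworkManager/no-stub-resolv.conf" dev="tmpfs" ino=1525 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:NetworkManager_var_run_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1653741361.179:318): arch=c000003e syscall=262 success=no exit=-13 comm="chronyd"
type=AVC msg=audit(1653741421.180:325): avc: denied { getattr } for pid=856 comm="chronyd" path="/run/NetworkManager/no-stub-resolv.conf" dev="tmpfs" ino=1525 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:NetworkManager_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1653741500.000:330): avc: denied { read open } for pid=900 comm="exampled" name="example.conf" dev="dm-0" ino=42 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(r'type=AVC msg=audit\((?P<ts>\d+\.\d+):\d+\):\s+avc:\s+denied\s+'
                    r'\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the decision-relevant parts of one AVC denial, or None."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m["fields"])}
    if "scontext" not in fields or "tcontext" not in fields:
        return None
    return {
        "ts": float(m["ts"]),
        "perms": tuple(m["perms"].split()),
        "comm": fields.get("comm"),
        "target": fields.get("path") or fields.get("name"),
        # A context is user:role:type:level; policy decisions key on the type.
        "source_type": fields["scontext"].split(":")[2],
        "target_type": fields["tcontext"].split(":")[2],
        "tclass": fields.get("tclass"),
    }

def summarise(log_text):
    """Group denials that differ only in timestamp, pid or serial number."""
    groups = {}
    for rec in filter(None, map(parse_avc, log_text.splitlines())):
        key = (rec["comm"], rec["source_type"], rec["perms"],
               rec["tclass"], rec["target_type"], rec["target"])
        g = groups.setdefault(key, {"count": 0, "first": rec["ts"], "last": rec["ts"]})
        g["count"] += 1
        g["first"], g["last"] = min(g["first"], rec["ts"]), max(g["last"], rec["ts"])
    return groups

if __name__ == "__main__":
    for key, g in summarise(SAMPLE_LOG).items():
        print(g["count"], "x", key, "over", round(g["last"] - g["first"]), "s")
```

For the thread's record the grouped key reads as: chronyd (domain chronyd_t) was denied getattr on a file labelled NetworkManager_var_run_t, which is the label of the symlink target rather than the net_conf_t label on /etc/resolv.conf.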
Petr Menšík writes:
> Symlinks obviously end up with non-expected SELinux contexts. I think this is actually a bug in the SELinux policy for Network Manager, because the target file has the wrong SELinux context.
> $ ls -Z /run/NetworkManager/no-stub-resolv.conf
> system_u:object_r:NetworkManager_var_run_t:s0 /run/NetworkManager/no-stub-resolv.conf
> $ ls -Z /etc/resolv.conf
> system_u:object_r:net_conf_t:s0 /etc/resolv.conf
> Fix that by:
> rm -f /etc/resolv.conf
> touch /etc/resolv.conf
> systemctl restart NetworkManager.service
> If the file is a good old plain text file, it would get permissions as it always had.
This ends up creating /etc/resolv.conf as a plain file, rather than a symlink. But, I suppose, that works too.
On Sat, 04 Jun 2022 15:55:53 -0400 Sam Varshavchik wrote:
> This ends up creating /etc/resolv.conf as a plain file, rather than a symlink. But, I suppose, that works too.
Perhaps people who want their own damn resolv.conf file are missing this obscure setting:
Try editing /etc/NetworkManager/NetworkManager.conf and putting dns=none after the [main] section entry.
That makes network manager leave the file alone, and you can put whatever you want in it (at least it does for me).
On Sat, 4 Jun 2022 16:07:12 -0400 Tom Horsley <horsley1953@gmail.com> wrote:
> Try editing /etc/NetworkManager/NetworkManager.conf and putting dns=none after the [main] section entry.
I have to do this in order to use dns servers other than those the ISP provides with knot-resolver.
On 6/5/22 17:18, stan via users wrote:
> On Sat, 4 Jun 2022 16:07:12 -0400 Tom Horsley <horsley1953@gmail.com> wrote:
>> Try editing /etc/NetworkManager/NetworkManager.conf and putting dns=none after the [main] section entry.
> I have to do this in order to use dns servers other than those the ISP provides with knot-resolver.
Not really. You can also edit your connection and add ipv4.dns IP to the connection. Then it would use your IP first.
nmcli c edit enp0s31f6
print ipv4.dns
set ipv4.dns 127.0.0.1
save
activate
quit
You can also set ipv4.ignore-auto-dns true to avoid autoconfigured addresses on that connection. It makes it possible to change it only per-connection.
Peter. Considering your 5 years here and the topic of systemd-resolved. I was wondering if you could help me to propose a default change to the installation of systemd-resolved that seems to have helped me keep it installed and working even with a Local DNS server in the mix.

This approach https://wiki.archlinux.org/title/Systemd-resolved specifically:

/etc/systemd/resolved.conf.d/dns_servers.conf
[Resolve]
DNS="Global_DNS_Server"

With this configured to 8.8.4.4 I have all of my external DNS resolving and when I use NetworkManager to add a per link DNS (it ignores more than one per link) everything works... I think this is related to the removal of the Fallback DNS entries.

Thanks in advance
JT
On 4 Jun 2022, at 21:07, Tom Horsley <horsley1953@gmail.com> wrote:
> On Sat, 04 Jun 2022 15:55:53 -0400 Sam Varshavchik wrote:
>> This ends up creating /etc/resolv.conf as a plain file, rather than a symlink. But, I suppose, that works too.
> Perhaps people who want their own damn resolv.conf file are missing this obscure setting:
> Try editing /etc/NetworkManager/NetworkManager.conf and putting dns=none after the [main] section entry.
> That makes network manager leave the file alone, and you can put whatever you want in it (at least it does for me).
Can you put all the config for your DNS into NetworkManager and have it manage the resolv.conf?
Barry