1

Issues establishing network bridge on Fedora 16

asked 2011-11-18 19:06:28 +0000

sgordon

I am currently trying to configure a bridge on Fedora 16. Ultimately what I want is for my ethernet device and the bridge to be managed using the network service and for my wireless to continue to be managed by NetworkManager. I have successfully set this up on my other F16 machine but encounter issues starting the network service on this one.

The configuration files involved are (at the point I added/edited these both the network and NetworkManager services are stopped):

# cat /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT="yes"
BOOTPROTO="dhcp"
HWADDR=F0:DE:F1:08:51:4C
BRIDGE=br0
NM_CONTROLLED="no"

# cat /etc/sysconfig/network-scripts/ifcfg-br0 
DEVICE=br0
TYPE=Bridge
BOOTPROTO="dhcp"
ONBOOT="yes"
NM_CONTROLLED="no"

I then try to start the network service:

# service network start
Starting network (via systemctl):  Job failed. See system logs and 'systemctl status' for details.
                                                           [FAILED]

On further inspection it appears that the devices were in fact brought up as configured and the bridge is working. The cause of the failure appears to be the following SELinux issues I found in /var/log/messages:

Nov 18 13:27:23 zugzug NET[6784]: /sbin/dhclient-script : updated /etc/resolv.conf
Nov 18 13:27:23 zugzug kernel: [964724.141382] type=1400 audit(1321640843.286:11): avc:  denied  { read } for  pid=6790 comm="sed" name="resolv.conf" dev=dm-0 ino=132569 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:NetworkManager_tmp_t:s0 tclass=file
Nov 18 13:27:23 zugzug kernel: [964724.141405] type=1400 audit(1321640843.286:12): avc:  denied  { open } for  pid=6790 comm="sed" name="resolv.conf" dev=dm-0 ino=132569 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:NetworkManager_tmp_t:s0 tclass=file
Nov 18 13:27:23 zugzug kernel: [964724.141447] type=1400 audit(1321640843.286:13): avc:  denied  { ioctl } for  pid=6790 comm="sed" path="/etc/resolv.conf" dev=dm-0 ino=132569 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:NetworkManager_tmp_t:s0 tclass=file
Nov 18 13:27:23 zugzug kernel: [964724.141468] type=1400 audit(1321640843.286:14): avc:  denied  { getattr } for  pid=6790 comm="sed" path="/etc/resolv.conf" dev=dm-0 ino=132569 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:NetworkManager_tmp_t:s0 tclass=file
Nov 18 13:27:23 zugzug kernel: [964724.141935] type=1400 audit(1321640843.286:15): avc:  denied  { create } for  pid=6790 comm="sed" name="sedTecezd" scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:NetworkManager_tmp_t:s0 tclass=file
Nov 18 13:27:23 zugzug kernel: [964724.142032] type=1400 audit(1321640843.286:16): avc:  denied  { write } for  pid=6790 comm="sed" name="sedTecezd" dev=dm-0 ino=135214 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:NetworkManager_tmp_t:s0 tclass=file
Nov 18 13:27:23 zugzug kernel: [964724.142359] type=1400 audit(1321640843.287:17): avc:  denied  { setattr } for  pid=6790 comm="sed" name="sedTecezd" dev=dm-0 ino=135214 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:NetworkManager_tmp_t:s0 tclass=file
Nov 18 13:27:23 zugzug kernel: [964724.142434] type=1400 audit ...

2 answers

0

answered 2011-11-18 20:35:22 +0000

Sadly, I've always found the easiest way to troubleshoot SELinux is to turn it off...

You can edit /etc/selinux/config if you want to set it to disabled and then reboot.

Otherwise, http://wiki.centos.org/HowTos/SELinux#head-0f6390ddacfab39ee973ed8018a32212c2a02199 has a section on Relabeling Files that will probably help you out.

1

answered 2013-08-07 12:19:33 +0000

Try: restorecon -RvF /etc

Your /etc/resolv.conf has the wrong security context. It should have net_conf_t.

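The denials quoted in the question can be triaged mechanically before anyone reaches for relabeling or for disabling SELinux. The following is an added example, not code from the thread: it parses AVC lines, groups them by source type, target type and class, and reports denied paths whose label differs from an expected type. The function names and the `EXPECTED_TYPES` table are assumptions of this example; the expected type for /etc/resolv.conf is the one given in the second answer.

```python
import re
from collections import defaultdict

# Lines copied from the question's /var/log/messages excerpt; the last one is
# the truncated entry, kept to show that unparseable lines are skipped.
SAMPLE = """\
Nov 18 13:27:23 zugzug kernel: [964724.141382] type=1400 audit(1321640843.286:11): avc:  denied  { read } for  pid=6790 comm="sed" name="resolv.conf" dev=dm-0 ino=132569 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:NetworkManager_tmp_t:s0 tclass=file
Nov 18 13:27:23 zugzug kernel: [964724.141447] type=1400 audit(1321640843.286:13): avc:  denied  { ioctl } for  pid=6790 comm="sed" path="/etc/resolv.conf" dev=dm-0 ino=132569 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:NetworkManager_tmp_t:s0 tclass=file
Nov 18 13:27:23 zugzug kernel: [964724.141935] type=1400 audit(1321640843.286:15): avc:  denied  { create } for  pid=6790 comm="sed" name="sedTecezd" scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:NetworkManager_tmp_t:s0 tclass=file
Nov 18 13:27:23 zugzug kernel: [964724.142434] type=1400 audit ...
""".splitlines()

# Assumption for this example: expected type per path, from the second answer.
EXPECTED_TYPES = {"/etc/resolv.conf": "net_conf_t"}

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial, or None if the line is not a complete denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    if "scontext" not in fields or "tcontext" not in fields:
        return None
    return {"perms": m.group("perms").split(),
            "object": fields.get("path") or fields.get("name"),
            "source_type": fields["scontext"].split(":")[2],
            "target_type": fields["tcontext"].split(":")[2],
            "tclass": fields.get("tclass")}

def summarize(lines):
    """Group denials by (source type, target type, class), collecting permissions and objects."""
    groups = defaultdict(lambda: {"perms": set(), "objects": set()})
    for rec in filter(None, map(parse_avc, lines)):
        key = (rec["source_type"], rec["target_type"], rec["tclass"])
        groups[key]["perms"].update(rec["perms"])
        groups[key]["objects"].add(rec["object"])
    return dict(groups)

def mislabeled(groups):
    """List (path, actual type, expected type) for denied paths whose label is not the expected one."""
    return sorted((obj, key[1], EXPECTED_TYPES[obj])
                  for key, g in groups.items() for obj in g["objects"]
                  if obj in EXPECTED_TYPES and key[1] != EXPECTED_TYPES[obj])

if __name__ == "__main__":
    print(summarize(SAMPLE), mislabeled(summarize(SAMPLE)))
```
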

Stats

Asked: 2011-11-18 19:06:28 +0000

Seen: 4,998 times

Last updated: Aug 07 '13