[Dnsmasq-discuss] dnsmasq can't read some of the config files

fred at damen.org fred at damen.org
Mon Feb 4 16:24:49 GMT 2013


On Mon, February 4, 2013 9:21 am, Simon Kelley wrote:
> On 04/02/13 15:16, Richard Crane wrote:
>>
>> On Jan 31, 2013, at 4:39 PM, Richard Crane wrote:
>>
>>> I am setting up  a test environment with an instance of dnsmasq 2.59
>>> running.  I copied over my config files from my production server.
>>>  The dnsmasq.conf file is read, but my customized resolver and hosts
>>> files are not:
>>>
>>>> Jan 31 14:09:32 scully dnsmasq[3543]: started, version 2.59 cachesize 500
>>>> Jan 31 14:09:32 scully dnsmasq[3543]: compile time options: IPv6
>>>> GNU-getopt DBus i18n DHCP TFTP no-conntrack IDN
>>>> Jan 31 14:09:32 scully dnsmasq-dhcp[3543]: DHCP, IP range 172.20.2.1
>>>> -- 172.20.2.254, lease time 7d
>>>> Jan 31 14:09:32 scully dnsmasq[3543]: using local addresses only for
>>>> domain 20.172.in-arpa.addr
>>>> Jan 31 14:09:32 scully dnsmasq[3543]: using local addresses only for
>>>> domain haskins.lab
>>>> Jan 31 14:09:32 scully dnsmasq[3543]: failed to read
>>>> /etc/dnsmasq_resolv: Permission denied
>>>> Jan 31 14:09:32 scully dnsmasq[3543]: no servers found in
>>>> /etc/dnsmasq_resolv, will retry
>>>> Jan 31 14:09:32 scully dnsmasq[3543]: failed to load names from
>>>> /etc/dnsmasq_hosts: Permission denied
>>>
>>> I am using the default dnsmasq userid, but have tried using root,
>>> using another userid (modifying "root=" and "group="
>>> appropriately in the .conf file) -- nothing helps.  System is opensuse
>>> 12.1, no ACLs; ls -l
>>>
>>>
>>>>  # ls -ld /etc/dnsmasq*
>>>> -rw-r--r-- 1 root root    842 Jan 17 10:00
>>>> /etc/dnsmasq-dhcp-static-hosts.conf
>>>> -rw-r--r-- 1 root root     98 Jan 31 12:02 /etc/dnsmasq-foo
>>>> -rw-r--r-- 1 root users 14832 Jan 31 14:06 /etc/dnsmasq.conf
>>>> -rw-r--r-- 1 root root   3701 Jan  9 10:00 /etc/dnsmasq_hosts
>>>> -rw-r--r-- 1 root root     98 Sep 13  2006 /etc/dnsmasq_resolv
>>>
>>> shows 644 for all the files. Running strace shows file open RO but a
>>> Permissed denied error.
>>>
>>
>>
>> I solved my problem by upgrading dnsmasq, but I still don't understand
>> how it could happen.  Has anyone ever run into something like this?
>>
>>
>
> I'm not aware of any fixed bugs post 2.59 that could explain things.
>
> Simon.

This smells of SELinux.  I suspect that you copied the files in a way that
eliminated the SELinux tags on the files.  When the package handler
reinstalled dsnmasq it probably reset the proper SELinux tags on these files.
Just a guess, but these type of things are why I generally wind up putting
SELinux into permissive mode.  (security too complex for the average idiot,
e.g., me, generally back fires and makes the system even less secure.)

Fred

>
>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>




More information about the Dnsmasq-discuss mailing list