dnsmasq: failed to create IPset control socket: Permission denied
When I start dnsmasq service in CentOS 7, I get such status:
This is because I add a wblist.conf in /etc/dnsmasq.d/wblist.conf
cat wblist.conf
# for router itself
server=/google.com.tw/192.168.8.20#53
ipset=/google.com.tw/gfwlist
ipset -L gfwlist
Name: gfwlist
Type: hash:net
Revision: 3
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16784
References: 0
Members:
But if I COMMENT the ipset line, the service can be restarted successfully.
I don't know why. I have used dnsmasq/ipset for a long time, but suddenly got this problem.
Have anyone met this situation?
Disable SElinux is not recommend.
You can solve this problem by create and install a SELinux Policy Modules.
First you need create a type enforcement rules file called my-dnsmasq.te, content like below:
module my-dnsmasq 1.0;
require {
type dnsmasq_t;
class netlink_socket { bind create write };
}
#============= dnsmasq_t ==============
allow dnsmasq_t self:netlink_socket { bind create write };
Now you can compile it into a policy module package file:
checkmodule -M -m -o my-dnsmasq.mod my-dnsmasq.te
semodule_package -o my-dnsmasq.pp -m my-dnsmasq.mod
Once you get the policy module package file my-dnsmasq.pp, install it:
sudo semodule -i my-dnsmasq.pp
Finally, restart the dnsmasq.service:
sudo systemctl restart dnsmasq
And make a test like below:
nslookup google.com.tw
ipset list gfwlist
If everything is fine, you will see a ip is added to ipset.
- Docker cannot resolve DNS on private network
- dnsmasq: failed to start DNS caching server
- Network DNS between pods in rootless Podman
- Is there a way to use DNSMasq and BIND on the same computer?
- dnsmasq tags and conditional dns server
- Docker container internal vs external dns resolution issue using Traefik
- How to configure wildcard subdomains for authoritative (auth) dnsmasq dns server?
- dnsmasq: failed to create IPset control socket: Permission denied
- Valet Stopped Working after macOS High Sierra Upgrade from macOS Sierra
- How to change libvirt DHCP lease time
- Dnsmasq Container entering shell
- Consul endpoint doesnt resolve, nslookup works but not ping
- cname configuration in dnsmasq
- sed to delete undesirable dnsmasq conf file lines
- dnsmasq, serve different ip addresses based on interface used
- DNS not working within docker containers when host uses dnsmasq and Google's DNS server are firewalled?
- dnsmasq forwards local request despite domain-needed
- Redirect dnsmasq.conf file to some other file
- Captive Portal for Android Phone did not pop up
- dnsmasq with iPhone failing
- Problems with DNSMasq (Port 53 error, Ubuntu 18)
- MacOS Dnsmasq High Sierra 403 Forbidden error
- Wireless Access Point Communication with phone works for Android but not receiving any requests from IOS?
- How to know the default value of maximum TTL for Dnsmasq
- Docker container can only access internet with --net=host
- DNSMasq issue with nslookups on CentOS 7.8. I am getting no ANSWERS for AAAA records and always getting REFUSED
- Custom domain use CNAME in local test
- Unable to run multiple dnsmasq dhcp servers on ubuntu 18.04
- Install pihole over bind9
- Identify device from public DNS server