With the recent move to writing issue snippets to /run/issue.d/ the NetworkManager dispatcher script fail because it's not allowed to write to /run/issue.d.
Reproduction steps
Getting NetworkManager-dispatcher.service to give useful logs was a tale on it's own. This worked for me :
cat /etc/systemd/system/NetworkManager-dispatcher.service.d/override.conf
[Service]
ExecStart=
ExecStart=/usr/libexec/nm-dispatcher --debug --persist
StandardOutput=append:/tmp/nm-dispatcher-debug.log
StandardError=append:/tmp/nm-dispatcher-debug.log
Then you can run nmcli connection down <con_id> && nmcli connection up <con_id>
And see :
cat /tmp/nm-dispatcher-debug.log
mv: cannot move '/run/console-login-helper-messages/console-login-helper-messages.g0df6MTgsP.tmp' to '/run/issue.d/22_clhm_ens4.issue': Permission denied
Cause
After some investigation helped with AI agent I figured that was a SELinux denial :
/run/console-login-helper-messages/ where the tempfile is created is NetworkManager_dispatcher_console_var_run_t/run/issue.d is systemd_ssh_issue_var_run_t
Previously, the target was /etc/issue.d/ and the existing SELinux policy allowed the NM dispatcher domain to write there.
I did not test the udev approach to achieve the same.
With the recent move to writing issue snippets to
/run/issue.d/the NetworkManager dispatcher script fail because it's not allowed to write to/run/issue.d.Reproduction steps
Getting
NetworkManager-dispatcher.serviceto give useful logs was a tale on it's own. This worked for me :Then you can run
nmcli connection down <con_id> && nmcli connection up <con_id>And see :
Cause
After some investigation helped with AI agent I figured that was a SELinux denial :
/run/console-login-helper-messages/where the tempfile is created isNetworkManager_dispatcher_console_var_run_t/run/issue.dissystemd_ssh_issue_var_run_tPreviously, the target was /etc/issue.d/ and the existing SELinux policy allowed the NM dispatcher domain to write there.
I did not test the
udevapproach to achieve the same.