another selinux question

Daniel J Walsh dwalsh at redhat.com
Wed Feb 2 23:21:29 UTC 2005


Tim Fenn wrote:

>On Wed, Feb 02, 2005 at 11:26:03AM -0800, Darren Grant wrote:
>
>>Change selinux to allow Dynamic DNS:
>>
>>Edit the following file and change the '0' to '1':
>>
>>/etc/selinux/targeted/booleans
>>named_write_master_zones=1
>>
>
>I'll check this out, but the error seems to be related to a search,
>not a write call.  More explicitly, my logs show (and I should have
>included the gritty details and not just the selinux error in my OP):
>
>dhcpd: Internet Systems Consortium DHCP Server V3.0.1
>dhcpd: Copyright 2004 Internet Systems Consortium.
>dhcpd: All rights reserved.
>dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
>audit(1107297176.619:0): avc:  denied  { search }
>for  pid=8099 exe=/usr/sbin/dhcpd name=named dev=sda1 ino=1295119
>scontext=root:system_r:dhcpd_t tcontext=system_u:object_r:named_zone_t
>tclass=dir
>dhcpd: Can't open /etc/rndc.key: Permission denied
>dhcpd:
>...
>dhcpd: exiting.
>
>My current workaround was to make a hard link from /etc/rndc.key from
>/var/named/chroot/etc/rndc.key, comment out this line from
>/etc/selinux/targeted/contexts/files/file_contexts:
>
>/etc/rndc.*             --      system_u:object_r:named_conf_t
>
>then run restorecon on /etc/rndc*, and then dhcpd started up fine, and
>writes to master zones also seems to be working.
>
>Alternative solutions are on the bugzilla report.
>
>Regards,
>Tim
>
Yes, this "fix" will not fix your problem.  We are working on a solution 
for you.
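
The AVC record quoted in this thread can be read field by field. The following Python is an added example, not part of the original message or of any SELinux tool: it rejoins the wrapped record, extracts the denied permission, the source and target types and the object class, and renders the access as a policy-style allow line for inspection. The function names are hypothetical; the sample log is copied from the quoted message.

```python
import re

# The denial as quoted in the message above (record wrapped over four lines).
SAMPLE_LOG = """\
dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
audit(1107297176.619:0): avc:  denied  { search }
for  pid=8099 exe=/usr/sbin/dhcpd name=named dev=sda1 ino=1295119
scontext=root:system_r:dhcpd_t tcontext=system_u:object_r:named_zone_t
tclass=dir
dhcpd: Can't open /etc/rndc.key: Permission denied
"""

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}(.*)", re.S)
CONTINUATION_RE = re.compile(r"\s*(for\s|\w+=)")  # wrapped key=value lines

def unwrap(log):
    """Join wrapped continuation lines back onto their audit(...) record."""
    records, current = [], None
    for line in log.splitlines():
        if line.startswith("audit("):
            current = [line]
            records.append(current)
        elif current is not None and CONTINUATION_RE.match(line):
            current.append(line.strip())
        else:
            current = None  # unrelated syslog line ends the record
    return [" ".join(parts) for parts in records]

def parse_avc(record):
    """Return the fields of one AVC record, or None if it is incomplete."""
    m = AVC_RE.search(record)
    if not m:
        return None
    fields = dict(re.findall(r"(\w+)=(\S+)", m.group(3)))
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    return {
        "result": m.group(1),
        "perms": m.group(2).split(),
        # A context is user:role:type[:level]; the type is the third field.
        "source_type": fields["scontext"].split(":")[2],
        "target_type": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
        "exe": fields.get("exe"),
    }

def denied_rules(log):
    """Render each denial as 'allow source target:class { perms };'."""
    parsed = [d for d in map(parse_avc, unwrap(log)) if d and d["result"] == "denied"]
    return ["allow %s %s:%s { %s };" % (d["source_type"], d["target_type"],
            d["tclass"], " ".join(d["perms"])) for d in parsed]
```
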
