Re: another selinux question

On Wed, Feb 02, 2005 at 11:26:03AM -0800, Darren Grant wrote:
> Change selinux to allow Dynamic DNS:
> 
> Edit the following file and change the '0' to '1':
> 
> /etc/selinux/targeted/booleans
> named_write_master_zones=1
> 

I'll check this out, but the error seems to be related to a search,
not a write call.  More explicitly, my logs show (and I should have
included the gritty details and not just the selinux error in my OP):

dhcpd: Internet Systems Consortium DHCP Server V3.0.1
dhcpd: Copyright 2004 Internet Systems Consortium.
dhcpd: All rights reserved.
dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
audit(1107297176.619:0): avc:  denied  { search }
for  pid=8099 exe=/usr/sbin/dhcpd name=named dev=sda1 ino=1295119
scontext=root:system_r:dhcpd_t tcontext=system_u:object_r:named_zone_t
tclass=dir
dhcpd: Can't open /etc/rndc.key: Permission denied
dhcpd:
...
dhcpd: exiting.

My current workaround was to make a hard link from /etc/rndc.key to
/var/named/chroot/etc/rndc.key, comment out this line from
/etc/selinux/targeted/contexts/files/file_contexts:

/etc/rndc.*             --      system_u:object_r:named_conf_t

then run restorecon on /etc/rndc*, and then dhcpd started up fine, and
writes to master zones also seem to be working.

Alternative solutions are on the bugzilla report.

Regards,
Tim

-- 
Morals?  I eat communism and $h!t America, brother.  --Seanbaby
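
Added example (not part of the original message): a small Python parser that rejoins the wrapped AVC record quoted in the message and reports which domain was denied which permission on which object. The function names are hypothetical, the sample log is constructed from lines in the message, and the parser assumes tclass= is the last field of a record.

```python
import re

# Constructed sample: log lines taken from the message, with the AVC
# record wrapped over several lines as it appears there.
SAMPLE_LOG = """\
dhcpd: Internet Systems Consortium DHCP Server V3.0.1
audit(1107297176.619:0): avc:  denied  { search }
for  pid=8099 exe=/usr/sbin/dhcpd name=named dev=sda1 ino=1295119
scontext=root:system_r:dhcpd_t tcontext=system_u:object_r:named_zone_t
tclass=dir
dhcpd: Can't open /etc/rndc.key: Permission denied
"""

AVC_START = re.compile(r"audit\([\d.]+:\d+\): avc:\s+denied\s+\{(?P<perms>[^}]*)\}")
FIELD = re.compile(r"(\w+)=(\S+)")


def parse_avc_denials(text):
    """Return one dict per AVC denial, rejoining records wrapped over lines."""
    records, current = [], None
    for line in text.splitlines():
        start = AVC_START.search(line)
        if start:
            current = {"perms": start["perms"].split()}
            records.append(current)
            line = line[start.end():]
        if current is None:
            continue  # ordinary syslog line outside any AVC record
        current.update(FIELD.findall(line))
        if "tclass" in current:  # assumption: tclass= closes the record
            current = None
    return records


def selinux_type(context):
    """Extract the type from a user:role:type[:level] security context."""
    return context.split(":")[2]


def describe(rec):
    """One-line summary: source domain, permission, object class and label."""
    return "{} denied {{ {} }} on {} '{}' labelled {}".format(
        selinux_type(rec["scontext"]), " ".join(rec["perms"]),
        rec["tclass"], rec.get("name", "?"), selinux_type(rec["tcontext"]))


if __name__ == "__main__":
    for rec in parse_avc_denials(SAMPLE_LOG):
        print(describe(rec))
```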

