Re: another selinux question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Wed, Feb 02, 2005 at 11:26:03AM -0800, Darren Grant wrote:
> Change selinux to allow Dynamic DNS:
> Edit the following file and change the '0' to '1':
> /etc/selinux/targeted/booleans
> named_write_master_zones=1

I'll check this out, but the error seems to be related to a search,
not a write call.  More explicitly, my logs show (and I should have
included the gritty details and not just the selinux error in my OP):

dhcpd: Internet Systems Consortium DHCP Server V3.0.1
dhcpd: Copyright 2004 Internet Systems Consortium.
dhcpd: All rights reserved.
dhcpd: For info, please visit
audit(1107297176.619:0): avc:  denied  { search }
for  pid=8099 exe=/usr/sbin/dhcpd name=named dev=sda1 ino=1295119
scontext=root:system_r:dhcpd_t tcontext=system_u:object_r:named_zone_t
dhcpd: Can't open /etc/rndc.key: Permission denied
dhcpd: exiting.

My current workaround was to make a hard link from /etc/rndc.key from
/var/named/chroot/etc/rndc.key, comment out this line from

/etc/rndc.*             --      system_u:object_r:named_conf_t

then run restorecon on /etc/rndc*, and then dhcpd started up fine, and
writes to master zones also seems to be working.

Alternative solutions are on the bugzilla report.


Morals?  I eat communism and $h!t America, brother.  --Seanbaby

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux