Re: another selinux question


 



Tim Fenn wrote:

On Wed, Feb 02, 2005 at 11:26:03AM -0800, Darren Grant wrote:


Change selinux to allow Dynamic DNS:

Edit the following file and change the '0' to '1':

/etc/selinux/targeted/booleans
named_write_master_zones=1




I'll check this out, but the error seems to be related to a search, not a write call. More explicitly, my logs show (and I should have included the gritty details and not just the selinux error in my OP):

dhcpd: Internet Systems Consortium DHCP Server V3.0.1
dhcpd: Copyright 2004 Internet Systems Consortium.
dhcpd: All rights reserved.
dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
audit(1107297176.619:0): avc:  denied  { search }
for  pid=8099 exe=/usr/sbin/dhcpd name=named dev=sda1 ino=1295119
scontext=root:system_r:dhcpd_t tcontext=system_u:object_r:named_zone_t
tclass=dir
dhcpd: Can't open /etc/rndc.key: Permission denied
dhcpd:
...
dhcpd: exiting.

My current workaround was to make a hard link from /etc/rndc.key from
/var/named/chroot/etc/rndc.key, comment out this line from
/etc/selinux/targeted/contexts/files/file_contexts:

/etc/rndc.*             --      system_u:object_r:named_conf_t

then run restorecon on /etc/rndc*, and then dhcpd started up fine, and
writes to master zones also seem to be working.

Alternative solutions are on the bugzilla report.

Regards,
Tim



Yes, this "fix" will not fix your problem. We are working on a solution for you.
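
Added example, not part of the original messages: a small Python parser for the AVC denial quoted in this thread, showing that the denied permission is `search` on a directory labelled `named_zone_t` rather than a write. The `WRITE_LIKE` set and the function names are assumptions made for this illustration.

```python
import re

# Constructed sample: the denial from the thread, as it wraps across log lines.
SAMPLE = """\
audit(1107297176.619:0): avc:  denied  { search }
for  pid=8099 exe=/usr/sbin/dhcpd name=named dev=sda1 ino=1295119
scontext=root:system_r:dhcpd_t tcontext=system_u:object_r:named_zone_t
tclass=dir
dhcpd: Can't open /etc/rndc.key: Permission denied
"""

# Assumption for illustration: permissions treated as modifying the target.
WRITE_LIKE = {"write", "append", "create", "add_name", "remove_name",
              "unlink", "rename", "setattr"}

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_avc(text):
    """Return one dict per AVC record, joining lines wrapped by the logger."""
    records, current = [], None
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if m:
            current = {"result": m.group(1), "perms": set(m.group(2).split())}
            records.append(current)
            line = line[m.end():]
        elif current is None or "tclass" in current:
            current = None  # not inside a record, or the record is complete
            continue
        current.update(KV_RE.findall(line))
    for r in records:
        for key, short in (("scontext", "stype"), ("tcontext", "ttype")):
            # Contexts are user:role:type; a truncated record yields None.
            parts = r.get(key, "").split(":")
            r[short] = parts[2] if len(parts) > 2 else None
    return records


def is_write_denial(record):
    """True when a denied record includes a write-like permission."""
    return record["result"] == "denied" and bool(record["perms"] & WRITE_LIKE)
```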

