SELinux commands for allowing caching-only-nameserver

Hello All,
Please see below the /var/log/messages output from when I started the named service. I have installed the bind-chroot package on Fedora Core 6, configured the name server and started the service.

[root@espl etc]# service named start
Starting named:                                            [  OK  ]

Jul 10 09:50:29 espl named[27224]: starting BIND 9.3.4-P1 -u named -t /var/named/chroot
Jul 10 09:50:29 espl named[27224]: found 2 CPUs, using 2 worker threads
Jul 10 09:50:29 espl named[27224]: loading configuration from '/etc/named.conf'
Jul 10 09:50:29 espl named[27224]: listening on IPv6 interface lo, ::1#53
Jul 10 09:50:29 espl named[27224]: listening on IPv4 interface lo, 127.0.0.1#53
Jul 10 09:50:29 espl named[27224]: listening on IPv4 interface eth0, 192.168.10.254#53
Jul 10 09:50:29 espl named[27224]: command channel listening on 127.0.0.1#953
Jul 10 09:50:29 espl named[27224]: command channel listening on ::1#953
Jul 10 09:50:29 espl named[27224]: zone 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42
Jul 10 09:50:29 espl named[27224]: zone 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700
Jul 10 09:50:29 espl named[27224]: zone 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
Jul 10 09:50:29 espl named[27224]: zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver: loaded serial 1997022700
Jul 10 09:50:29 espl named[27224]: zone localdomain/IN/localhost_resolver: loaded serial 42
Jul 10 09:50:29 espl named[27224]: zone localhost/IN/localhost_resolver: loaded serial 42
Jul 10 09:50:29 espl named[27224]: running
Jul 10 09:50:31 espl setroubleshoot: SELinux prevented /bin/mount from mounting on the file or directory "/var/named/chroot/var/run/dbus" (type "system_dbusd_var_run_t"). For complete SELinux messages. run sealert -l 3175f313-6928-44a4-8a65-dc7d909299d5
Jul 10 09:50:31 espl setroubleshoot: SELinux prevented /bin/mount from mounting on the file or directory "/var/named/chroot/var/run/dbus" (type "system_dbusd_var_run_t"). For complete SELinux messages. run sealert -l 3175f313-6928-44a4-8a65-dc7d909299d5

Now named is running but I am still unable to resolve hostnames from client computers.

[root@espl etc]# rndc status
rndc: connect failed: 127.0.0.1#953: timed out

[root@espl ~]# service named status
rndc: connect failed: 127.0.0.1#953: operation canceled

[root@espl etc]# service named restart
Stopping named: ..................................................no response, killing with -TERM
                                                           [  OK  ]
Starting named:                                            [  OK  ]

Jul 10 10:23:25 espl named[27224]: shutting down
Jul 10 10:23:25 espl named[27224]: stopping command channel on 127.0.0.1#953
Jul 10 10:23:25 espl named[27224]: stopping command channel on ::1#953
Jul 10 10:23:25 espl named[27224]: no longer listening on ::1#53
Jul 10 10:23:25 espl named[27224]: no longer listening on 127.0.0.1#53
Jul 10 10:23:25 espl named[27224]: no longer listening on 192.168.10.254#53
Jul 10 10:23:25 espl named[27224]: exiting
Jul 10 10:23:27 espl named[27592]: starting BIND 9.3.4-P1 -u named -t /var/named/chroot
Jul 10 10:23:27 espl named[27592]: found 2 CPUs, using 2 worker threads
Jul 10 10:23:27 espl named[27592]: loading configuration from '/etc/named.conf'
Jul 10 10:23:27 espl named[27592]: listening on IPv6 interface lo, ::1#53
Jul 10 10:23:27 espl named[27592]: listening on IPv4 interface lo, 127.0.0.1#53
Jul 10 10:23:27 espl named[27592]: listening on IPv4 interface eth0, 192.168.10.254#53
Jul 10 10:23:27 espl named[27592]: command channel listening on 127.0.0.1#953
Jul 10 10:23:27 espl named[27592]: command channel listening on ::1#953
Jul 10 10:23:27 espl named[27592]: zone 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42
Jul 10 10:23:27 espl named[27592]: zone 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700
Jul 10 10:23:27 espl named[27592]: zone 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
Jul 10 10:23:27 espl named[27592]: zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver: loaded serial 1997022700
Jul 10 10:23:27 espl named[27592]: zone localdomain/IN/localhost_resolver: loaded serial 42
Jul 10 10:23:27 espl named[27592]: zone localhost/IN/localhost_resolver: loaded serial 42
Jul 10 10:23:27 espl named[27592]: running
Jul 10 10:23:29 espl setroubleshoot: SELinux prevented /bin/mount from mounting on the file or directory "/var/named/chroot/var/run/dbus" (type "system_dbusd_var_run_t"). For complete SELinux messages. run sealert -l 3175f313-6928-44a4-8a65-dc7d909299d5
Jul 10 10:23:29 espl setroubleshoot: SELinux prevented /bin/mount from mounting on the file or directory "/var/named/chroot/var/run/dbus" (type "system_dbusd_var_run_t"). For complete SELinux messages. run sealert -l 3175f313-6928-44a4-8a65-dc7d909299d5

How do I make SELinux allow named to run? What are the commands?

Regards,
Technical Support
Excelize Software Pvt. Ltd.
www.excelize.com

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
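
An added example, not part of the original post: a shell triage helper that pulls the setroubleshoot denials out of a syslog excerpt like the one above, collapses repeats by alert ID, and prints the `sealert -l` command that the log message itself recommends. The function names `sample_log`, `summarise_denials` and `sealert_commands` are hypothetical, and the sample input is built from log lines in the post.

```sh
# Constructed sample: the two setroubleshoot lines from the post above, each
# still carrying two joined entries as the list archive rendered them.
sample_log() {
cat <<'EOF'
Jul 10 09:50:29 espl named[27224]: running
Jul 10 09:50:31 espl setroubleshoot: SELinux prevented /bin/mount from mounting on the file or directory "/var/named/chroot/var/run/dbus" (type "system_dbusd_var_run_t"). For complete SELinux messages. run sealert -l 3175f313-6928-44a4-8a65-dc7d909299d5 Jul 10 09:50:31 espl setroubleshoot: SELinux prevented /bin/mount from mounting on the file or directory "/var/named/chroot/var/run/dbus" (type "system_dbusd_var_run_t"). For complete SELinux messages. run sealert -l 3175f313-6928-44a4-8a65-dc7d909299d5
Jul 10 10:23:29 espl setroubleshoot: SELinux prevented /bin/mount from mounting on the file or directory "/var/named/chroot/var/run/dbus" (type "system_dbusd_var_run_t"). For complete SELinux messages. run sealert -l 3175f313-6928-44a4-8a65-dc7d909299d5 Jul 10 10:23:29 espl setroubleshoot: SELinux prevented /bin/mount from mounting on the file or directory "/var/named/chroot/var/run/dbus" (type "system_dbusd_var_run_t"). For complete SELinux messages. run sealert -l 3175f313-6928-44a4-8a65-dc7d909299d5
EOF
}

# Read syslog text on stdin; print one line per distinct setroubleshoot alert:
#   count <TAB> alert id <TAB> denied program <TAB> target path <TAB> target type
summarise_denials() {
    awk '
    {
        s = $0
        # A physical line may hold several joined entries, so scan repeatedly.
        while ((p = index(s, "SELinux prevented ")) > 0) {
            s = substr(s, p + 18)              # s now starts at the denied program
            prog = s; sub(/ .*/, "", prog)
            path = ""; ttype = ""
            if (match(s, /directory "[^"]+"/)) path = substr(s, RSTART + 11, RLENGTH - 12)
            if (match(s, /\(type "[^"]+"\)/)) ttype = substr(s, RSTART + 7, RLENGTH - 9)
            if (!match(s, /sealert -l [0-9a-f-]+/)) break   # entry without an alert id
            id = substr(s, RSTART + 11, RLENGTH - 11)
            s = substr(s, RSTART + RLENGTH)    # continue after this entry
            if (!(id in count)) order[++n] = id
            count[id]++
            info[id] = prog "\t" path "\t" ttype
        }
    }
    END {
        for (i = 1; i <= n; i++)
            printf "%d\t%s\t%s\n", count[order[i]], order[i], info[order[i]]
    }
    '
}

# Print the follow-up command the log message itself recommends, once per alert.
sealert_commands() {
    summarise_denials | awk -F '\t' '{ print "sealert -l " $2 }'
}

sample_log | summarise_denials
```

On a live system the same functions can read the real log, for example `summarise_denials < /var/log/messages`.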
