SELinux commands for allowing caching-only-nameserver

Daniel J Walsh dwalsh at redhat.com
Thu Jul 10 15:36:11 UTC 2008


Rahul Tidke wrote:
> Hello All,
> Please see below /var/log/messages when I started named service; I have
> installed bind-chroot package on Fedora Core 6, configured the name
> server and started the service.
> 
> [root@espl etc]# service named start
> Starting named:                                            [  OK  ]
> 
> Jul 10 09:50:29 espl named[27224]: starting BIND 9.3.4-P1 -u named -t
> /var/named/chroot
> Jul 10 09:50:29 espl named[27224]: found 2 CPUs, using 2 worker threads
> Jul 10 09:50:29 espl named[27224]: loading configuration from
> '/etc/named.conf'
> Jul 10 09:50:29 espl named[27224]: listening on IPv6 interface lo, ::1#53
> Jul 10 09:50:29 espl named[27224]: listening on IPv4 interface lo,
> 127.0.0.1#53
> Jul 10 09:50:29 espl named[27224]: listening on IPv4 interface eth0,
> 192.168.10.254#53
> Jul 10 09:50:29 espl named[27224]: command channel listening on
> 127.0.0.1#953
> Jul 10 09:50:29 espl named[27224]: command channel listening on ::1#953
> Jul 10 09:50:29 espl named[27224]: zone
> 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42
> Jul 10 09:50:29 espl named[27224]: zone
> 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700
> Jul 10 09:50:29 espl named[27224]: zone
> 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
> Jul 10 09:50:29 espl named[27224]: zone
> 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver:
> loaded serial 1997022700
> Jul 10 09:50:29 espl named[27224]: zone
> localdomain/IN/localhost_resolver: loaded serial 42
> Jul 10 09:50:29 espl named[27224]: zone localhost/IN/localhost_resolver:
> loaded serial 42
> Jul 10 09:50:29 espl named[27224]: running
> Jul 10 09:50:31 espl setroubleshoot:      SELinux prevented /bin/mount
> from mounting on the file or directory "/var/named/chroot/var/run/dbus"
> (type "system_dbusd_var_run_t"). For complete SELinux messages. run
> sealert -l 3175f313-6928-44a4-8a65-dc7d909299d5
> Jul 10 09:50:31 espl setroubleshoot:      SELinux prevented /bin/mount
> from mounting on the file or directory "/var/named/chroot/var/run/dbus"
> (type "system_dbusd_var_run_t"). For complete SELinux messages. run
> sealert -l 3175f313-6928-44a4-8a65-dc7d909299d5
> 
> Now named is running but I am still unable to resolve hostnames from
> client computers.
> 
> [root@espl etc]# rndc status
> rndc: connect failed: 127.0.0.1#953: timed out
> 
> [root@espl ~]# service named status
> rndc: connect failed: 127.0.0.1#953: operation canceled
> 
> [root@espl etc]# service named restart
> Stopping named: ..................................................no
> response, killing with -TERM
>                                                            [  OK  ]
> Starting named:                                            [  OK  ]
> 
> Jul 10 10:23:25 espl named[27224]: shutting down
> Jul 10 10:23:25 espl named[27224]: stopping command channel on
> 127.0.0.1#953
> Jul 10 10:23:25 espl named[27224]: stopping command channel on ::1#953
> Jul 10 10:23:25 espl named[27224]: no longer listening on ::1#53
> Jul 10 10:23:25 espl named[27224]: no longer listening on 127.0.0.1#53
> Jul 10 10:23:25 espl named[27224]: no longer listening on 192.168.10.254#53
> Jul 10 10:23:25 espl named[27224]: exiting
> Jul 10 10:23:27 espl named[27592]: starting BIND 9.3.4-P1 -u named -t
> /var/named/chroot
> Jul 10 10:23:27 espl named[27592]: found 2 CPUs, using 2 worker threads
> Jul 10 10:23:27 espl named[27592]: loading configuration from
> '/etc/named.conf'
> Jul 10 10:23:27 espl named[27592]: listening on IPv6 interface lo, ::1#53
> Jul 10 10:23:27 espl named[27592]: listening on IPv4 interface lo,
> 127.0.0.1#53
> Jul 10 10:23:27 espl named[27592]: listening on IPv4 interface eth0,
> 192.168.10.254#53
> Jul 10 10:23:27 espl named[27592]: command channel listening on
> 127.0.0.1#953
> Jul 10 10:23:27 espl named[27592]: command channel listening on ::1#953
> Jul 10 10:23:27 espl named[27592]: zone
> 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42
> Jul 10 10:23:27 espl named[27592]: zone
> 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700
> Jul 10 10:23:27 espl named[27592]: zone
> 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
> Jul 10 10:23:27 espl named[27592]: zone
> 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver:
> loaded serial 1997022700
> Jul 10 10:23:27 espl named[27592]: zone
> localdomain/IN/localhost_resolver: loaded serial 42
> Jul 10 10:23:27 espl named[27592]: zone localhost/IN/localhost_resolver:
> loaded serial 42
> Jul 10 10:23:27 espl named[27592]: running
> Jul 10 10:23:29 espl setroubleshoot:      SELinux prevented /bin/mount
> from mounting on the file or directory "/var/named/chroot/var/run/dbus"
> (type "system_dbusd_var_run_t"). For complete SELinux messages. run
> sealert -l 3175f313-6928-44a4-8a65-dc7d909299d5
> Jul 10 10:23:29 espl setroubleshoot:      SELinux prevented /bin/mount
> from mounting on the file or directory "/var/named/chroot/var/run/dbus"
> (type "system_dbusd_var_run_t"). For complete SELinux messages. run
> sealert -l 3175f313-6928-44a4-8a65-dc7d909299d5
> 
> How to make SELinux allow named to run? What are the commands?
> 
> Regards,
> Technical Support
> Excelize Software Pvt. Ltd.
> www.excelize.com
> 
Well, aside from the fact that Fedora 6, and 7 for that matter, are no
longer supported, you can try

# restorecon -R -v /var/named
# yum -y upgrade selinux-policy-targeted

And see if the problem has gone away.

Or you could upgrade the Machine to Fedora 9 :^)


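
Added example, not part of the original thread: a shell function that collapses repeated setroubleshoot lines like those quoted above into one row per distinct denial (count, sealert ID, target type, path), which shows at a glance which label needs checking. The sample input is constructed from the quoted log, joined onto single lines as syslog writes them; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: summarise setroubleshoot denials from syslog text on stdin.
# Output, one row per distinct denial:
#   count <TAB> sealert-id <TAB> target-type <TAB> target-path

summarize_denials() {
    awk '
    /setroubleshoot:/ && /SELinux prevented/ {
        # The message quotes the path first, then the SELinux type.
        n = split($0, q, "\"")
        if (n < 5) next                  # malformed line: both quoted fields required
        path = q[2]
        ttype = q[4]
        id = "-"                         # placeholder when no sealert id is present
        for (i = 1; i <= NF - 2; i++)
            if ($i == "sealert" && $(i + 1) == "-l") id = $(i + 2)
        key = id "\t" ttype "\t" path
        if (!(key in count)) order[++k] = key   # remember first-seen order
        count[key]++
    }
    END {
        for (i = 1; i <= k; i++) printf "%d\t%s\n", count[order[i]], order[i]
    }'
}

# Constructed sample: lines taken from the quoted log, unwrapped.
sample_log() {
    cat <<'EOF'
Jul 10 09:50:29 espl named[27224]: running
Jul 10 09:50:31 espl setroubleshoot:      SELinux prevented /bin/mount from mounting on the file or directory "/var/named/chroot/var/run/dbus" (type "system_dbusd_var_run_t"). For complete SELinux messages. run sealert -l 3175f313-6928-44a4-8a65-dc7d909299d5
Jul 10 09:50:31 espl setroubleshoot:      SELinux prevented /bin/mount from mounting on the file or directory "/var/named/chroot/var/run/dbus" (type "system_dbusd_var_run_t"). For complete SELinux messages. run sealert -l 3175f313-6928-44a4-8a65-dc7d909299d5
EOF
}

sample_log | summarize_denials
```

On a live system, feed it /var/log/messages instead of the sample; `restorecon -R -n -v /var/named` previews the relabel without changing any labels.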
