SELinux commands for allowing caching-only-nameserver

Rahul Tidke rahul at excelize.com
Thu Jul 10 05:01:54 UTC 2008


Hello All,
  Please see below /var/log/messages from when I started the named service; I 
have installed the bind-chroot package on Fedora Core 6, configured the name 
server and started the service.

[root@espl etc]# service named start
Starting named:                                            [  OK  ]

Jul 10 09:50:29 espl named[27224]: starting BIND 9.3.4-P1 -u named -t /var/named/chroot
Jul 10 09:50:29 espl named[27224]: found 2 CPUs, using 2 worker threads
Jul 10 09:50:29 espl named[27224]: loading configuration from '/etc/named.conf'
Jul 10 09:50:29 espl named[27224]: listening on IPv6 interface lo, ::1#53
Jul 10 09:50:29 espl named[27224]: listening on IPv4 interface lo, 127.0.0.1#53
Jul 10 09:50:29 espl named[27224]: listening on IPv4 interface eth0, 192.168.10.254#53
Jul 10 09:50:29 espl named[27224]: command channel listening on 127.0.0.1#953
Jul 10 09:50:29 espl named[27224]: command channel listening on ::1#953
Jul 10 09:50:29 espl named[27224]: zone 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42
Jul 10 09:50:29 espl named[27224]: zone 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700
Jul 10 09:50:29 espl named[27224]: zone 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
Jul 10 09:50:29 espl named[27224]: zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver: loaded serial 1997022700
Jul 10 09:50:29 espl named[27224]: zone localdomain/IN/localhost_resolver: loaded serial 42
Jul 10 09:50:29 espl named[27224]: zone localhost/IN/localhost_resolver: loaded serial 42
Jul 10 09:50:29 espl named[27224]: running
Jul 10 09:50:31 espl setroubleshoot:      SELinux prevented /bin/mount from mounting on the file or directory "/var/named/chroot/var/run/dbus" (type "system_dbusd_var_run_t"). For complete SELinux messages. run sealert -l 3175f313-6928-44a4-8a65-dc7d909299d5
Jul 10 09:50:31 espl setroubleshoot:      SELinux prevented /bin/mount from mounting on the file or directory "/var/named/chroot/var/run/dbus" (type "system_dbusd_var_run_t"). For complete SELinux messages. run sealert -l 3175f313-6928-44a4-8a65-dc7d909299d5

Now named is running but I am still unable to resolve hostnames from 
client computers.

[root@espl etc]# rndc status
rndc: connect failed: 127.0.0.1#953: timed out

[root@espl ~]# service named status
rndc: connect failed: 127.0.0.1#953: operation canceled

[root@espl etc]# service named restart
Stopping named: ..................................................no response, killing with -TERM
                                                            [  OK  ]
Starting named:                                            [  OK  ]

Jul 10 10:23:25 espl named[27224]: shutting down
Jul 10 10:23:25 espl named[27224]: stopping command channel on 127.0.0.1#953
Jul 10 10:23:25 espl named[27224]: stopping command channel on ::1#953
Jul 10 10:23:25 espl named[27224]: no longer listening on ::1#53
Jul 10 10:23:25 espl named[27224]: no longer listening on 127.0.0.1#53
Jul 10 10:23:25 espl named[27224]: no longer listening on 192.168.10.254#53
Jul 10 10:23:25 espl named[27224]: exiting
Jul 10 10:23:27 espl named[27592]: starting BIND 9.3.4-P1 -u named -t /var/named/chroot
Jul 10 10:23:27 espl named[27592]: found 2 CPUs, using 2 worker threads
Jul 10 10:23:27 espl named[27592]: loading configuration from '/etc/named.conf'
Jul 10 10:23:27 espl named[27592]: listening on IPv6 interface lo, ::1#53
Jul 10 10:23:27 espl named[27592]: listening on IPv4 interface lo, 127.0.0.1#53
Jul 10 10:23:27 espl named[27592]: listening on IPv4 interface eth0, 192.168.10.254#53
Jul 10 10:23:27 espl named[27592]: command channel listening on 127.0.0.1#953
Jul 10 10:23:27 espl named[27592]: command channel listening on ::1#953
Jul 10 10:23:27 espl named[27592]: zone 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42
Jul 10 10:23:27 espl named[27592]: zone 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700
Jul 10 10:23:27 espl named[27592]: zone 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
Jul 10 10:23:27 espl named[27592]: zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver: loaded serial 1997022700
Jul 10 10:23:27 espl named[27592]: zone localdomain/IN/localhost_resolver: loaded serial 42
Jul 10 10:23:27 espl named[27592]: zone localhost/IN/localhost_resolver: loaded serial 42
Jul 10 10:23:27 espl named[27592]: running
Jul 10 10:23:29 espl setroubleshoot:      SELinux prevented /bin/mount from mounting on the file or directory "/var/named/chroot/var/run/dbus" (type "system_dbusd_var_run_t"). For complete SELinux messages. run sealert -l 3175f313-6928-44a4-8a65-dc7d909299d5
Jul 10 10:23:29 espl setroubleshoot:      SELinux prevented /bin/mount from mounting on the file or directory "/var/named/chroot/var/run/dbus" (type "system_dbusd_var_run_t"). For complete SELinux messages. run sealert -l 3175f313-6928-44a4-8a65-dc7d909299d5

How do I make SELinux allow named to run? What are the commands?

Regards,
Technical Support
Excelize Software Pvt. Ltd.
www.excelize.com
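
Added example, not part of the original post: a small shell/awk triage helper that collapses the repeated setroubleshoot entries quoted above into one line per distinct denial, with first and last timestamps and the alert ID that the log says to pass to sealert -l. The function names are hypothetical and the sample lines are the post's own entries, unwrapped onto single lines as they would appear in /var/log/messages.

```shell
#!/bin/sh
# Sample input: entries copied from the post above (unwrapped), embedded so
# the script runs offline. On a live host, feed /var/log/messages instead.
sample_log() {
cat <<'EOF'
Jul 10 09:50:29 espl named[27224]: running
Jul 10 09:50:31 espl setroubleshoot:      SELinux prevented /bin/mount from mounting on the file or directory "/var/named/chroot/var/run/dbus" (type "system_dbusd_var_run_t"). For complete SELinux messages. run sealert -l 3175f313-6928-44a4-8a65-dc7d909299d5
Jul 10 09:50:31 espl setroubleshoot:      SELinux prevented /bin/mount from mounting on the file or directory "/var/named/chroot/var/run/dbus" (type "system_dbusd_var_run_t"). For complete SELinux messages. run sealert -l 3175f313-6928-44a4-8a65-dc7d909299d5
Jul 10 10:23:27 espl named[27592]: running
Jul 10 10:23:29 espl setroubleshoot:      SELinux prevented /bin/mount from mounting on the file or directory "/var/named/chroot/var/run/dbus" (type "system_dbusd_var_run_t"). For complete SELinux messages. run sealert -l 3175f313-6928-44a4-8a65-dc7d909299d5
Jul 10 10:23:29 espl setroubleshoot:      SELinux prevented /bin/mount from mounting on the file or directory "/var/named/chroot/var/run/dbus" (type "system_dbusd_var_run_t"). For complete SELinux messages. run sealert -l 3175f313-6928-44a4-8a65-dc7d909299d5
EOF
}

# Reads syslog text on stdin; prints one tab-separated line per distinct denial:
# count, first seen, last seen, denied program, target path, target type, alert ID.
# Fields that cannot be parsed are reported as "?" rather than dropped.
summarize_denials() {
    awk '
    / setroubleshoot: .*SELinux prevented / {
        prog = path = ttype = id = "?"
        if (match($0, /SELinux prevented [^ ]+/)) prog  = substr($0, RSTART + 18, RLENGTH - 18)
        if (match($0, /directory "[^"]+"/))       path  = substr($0, RSTART + 11, RLENGTH - 12)
        if (match($0, /\(type "[^"]+"\)/))        ttype = substr($0, RSTART + 7,  RLENGTH - 9)
        if (match($0, /sealert -l [0-9a-f-]+/))   id    = substr($0, RSTART + 11, RLENGTH - 11)
        key = prog "\t" path "\t" ttype "\t" id
        ts  = $1 " " $2 " " $3
        if (!(key in count)) { order[++n] = key; first[key] = ts }
        count[key]++
        last[key] = ts
    }
    END {
        # Emit in first-seen order so the output is stable across awk versions.
        for (i = 1; i <= n; i++) {
            k = order[i]
            print count[k] "\t" first[k] "\t" last[k] "\t" k
        }
    }'
}

sample_log | summarize_denials
```

On the sample, the four entries reduce to a single denial whose two timestamps each fall two seconds after a "named ... running" line, and the last field is the ID to give to sealert -l.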



