Problems with DNS logging

Dan Thurman dant at cdkkt.com
Tue Jun 10 15:00:25 UTC 2008


I discovered that my logging somewhat failed:

1) I tried to use the link provided to submit a buzilla and
    apparently it brought up bluefish and within asks for my
    account name and password, and I tried to save this file
    but in doing so it failed to backup the file, so I clicked "continue"
    and it froze up.  What am I doing wrong?

2) The specific selinux error is as follows:
=============================================
Summary:

SELinux is preventing named (named_t) "write" to ./named (named_conf_t).

Detailed Description:

SELinux denied access requested by named. It is not expected that this access 
is
required by named and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to 
restore
the default system file context for ./named,

restorecon -v './named'

If this does not work, there is currently no automatic way to allow this 
access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not 
recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:named_t:s0
Target Context                system_u:object_r:named_conf_t:s0
Target Objects                ./named [ dir ]
Source                        named
Source Path                   /usr/sbin/named
Port                          <Unknown>
Host                          gold.cdkkt.com
Source RPM Packages           bind-9.5.0-27.rc1.fc8
Target RPM Packages           
Policy RPM                    selinux-policy-3.0.8-109.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     gold.cdkkt.com
Platform                      Linux gold.cdkkt.com 2.6.25.4-10.fc8 #1 SMP Thu
                              May 22 23:34:09 EDT 2008 i686 i686
Alert Count                   3
First Seen                    Tue 10 Jun 2008 07:38:58 AM PDT
Last Seen                     Tue 10 Jun 2008 07:52:54 AM PDT
Local ID                      616a532f-b429-435d-bf97-e1d8427cc638
Line Numbers                  

Raw Audit Messages            

host=gold.cdkkt.com type=AVC msg=audit(1213109574.740:334): avc:  denied  { 
write } for  pid=10160 comm="named" name="named" dev=sdb5 ino=2622969 
scontext=system_u:system_r:named_t:s0 
tcontext=system_u:object_r:named_conf_t:s0 tclass=dir

host=gold.cdkkt.com type=SYSCALL msg=audit(1213109574.740:334): arch=40000003 
syscall=38 success=no exit=-13 a0=b543b4e8 a1=b7ea5ad2 a2=470214 a3=b7ea5ad2 
items=0 ppid=10158 pid=10160 auid=500 uid=25 gid=25 euid=25 suid=25 fsuid=25 
egid=25 sgid=25 fsgid=25 tty=(none) ses=1 comm="named" exe="/usr/sbin/named" 
subj=system_u:system_r:named_t:s0 key=(null)


Thanks!
Dan




More information about the fedora-selinux-list mailing list