Re: bind9, SELinux, ServFail

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



>  If it's SELinux related, have a look at /var/log/audit/audit.log, that
>  will tell you what is being blocked in SELinux. That would be a good
>  start. Let us know what you found there, then we might be able to help
>  you a little more.

That's a huge help -- didn't occur to me to look in audit.log -- that
said, I'm not entirely sure what SELinux is doing here (other than
denying the connection).  Or, to be more accurate, I don't understand
why it's denying the connection, therefore don't know how to make it
behave...

type=AVC msg=audit(1215740151.446:796): avc:  denied  { name_bind }
for  pid=21081 comm="named" src=16660
scontext=root:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0
tclass=udp_socket

type=SYSCALL msg=audit(1215740151.446:796): arch=c000003e syscall=49
success=no exit=-13 a0=1f a1=43c8ed40 a2=1c a3=43c8eb3c items=0 ppid=1
pid=21081 auid=0 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25
sgid=25 fsgid=25 tty=(none) ses=60 comm="named" exe="/usr/sbin/named"
subj=root:system_r:named_t:s0 key=(null)

Ideas & thoughts welcome...
Thanks,

M
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux