[CentOS] bind9, SELinux, ServFail
Meenoo Shivdasani
meenoo at gmail.com
Fri Jul 11 01:41:03 UTC 2008
> If it's SELinux related, have a look at /var/log/audit/audit.log, that
> will tell you what is being blocked in SELinux. That would be a good
> start. Let us know what you found there, then we might be able to help
> you a little more.
That's a huge help -- didn't occur to me to look in audit.log -- that
said, I'm not entirely sure what SELinux is doing here (other than
denying the connection). Or, to be more accurate, I don't understand
why it's denying the connection, therefore don't know how to make it
behave...
type=AVC msg=audit(1215740151.446:796): avc: denied { name_bind }
for pid=21081 comm="named" src=16660
scontext=root:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0
tclass=udp_socket
type=SYSCALL msg=audit(1215740151.446:796): arch=c000003e syscall=49
success=no exit=-13 a0=1f a1=43c8ed40 a2=1c a3=43c8eb3c items=0 ppid=1
pid=21081 auid=0 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25
sgid=25 fsgid=25 tty=(none) ses=60 comm="named" exe="/usr/sbin/named"
subj=root:system_r:named_t:s0 key=(null)
Ideas & thoughts welcome...
Thanks,
M
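
Added example (not part of the original message, and not CentOS or audit project code): a small Python parser that pairs the AVC and SYSCALL records above by their shared audit event serial (796) and reduces them to the source domain, target type, object class, permission and port. The function names are illustrative; the sample input is the two records from this message with the mail client's line wraps removed.

```python
import re

# The two records from the message above, rejoined onto one line each.
SAMPLE = """\
type=AVC msg=audit(1215740151.446:796): avc: denied { name_bind } for pid=21081 comm="named" src=16660 scontext=root:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket
type=SYSCALL msg=audit(1215740151.446:796): arch=c000003e syscall=49 success=no exit=-13 a0=1f a1=43c8ed40 a2=1c a3=43c8eb3c items=0 ppid=1 pid=21081 auid=0 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=60 comm="named" exe="/usr/sbin/named" subj=root:system_r:named_t:s0 key=(null)
"""

HEADER = re.compile(r"type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):")
PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group audit records by event serial and keep their key=value fields."""
    events = {}
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # not an audit record (e.g. a blank or wrapped line)
        rtype, _timestamp, serial = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
        if rtype == "AVC":
            p = PERMS.search(line)
            fields["perms"] = p.group(1).split() if p else []
        events.setdefault(serial, {})[rtype] = fields
    return events

def summarize(event):
    """Reduce one denied event to the facts needed to reason about policy."""
    avc, sc = event["AVC"], event.get("SYSCALL", {})
    return {
        "exe": sc.get("exe"),
        # SELinux contexts are user:role:type:level; the type is field 3.
        "source_type": avc["scontext"].split(":")[2],
        "target_type": avc["tcontext"].split(":")[2],
        "class": avc["tclass"],
        "perms": avc["perms"],
        "port": int(avc["src"]) if "src" in avc else None,
        # A failed syscall records the negated errno in exit= (13 is EACCES).
        "errno": -int(sc["exit"]) if sc.get("success") == "no" else 0,
    }

if __name__ == "__main__":
    for serial, event in parse_events(SAMPLE).items():
        print(serial, summarize(event))
```

For these records the summary shows /usr/sbin/named, running as named_t, being refused name_bind on UDP port 16660, which carries the type port_t; the paired SYSCALL record is the failed call itself, returning EACCES (exit=-13).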