[CentOS] bind9, SELinux, ServFail

Meenoo Shivdasani meenoo at gmail.com
Fri Jul 11 01:41:03 UTC 2008

>  If it's SELinux related, have a look at /var/log/audit/audit.log, that
>  will tell you what is being blocked in SELinux. That would be a good
>  start. Let us know what you found there, then we might be able to help
>  you a little more.

That's a huge help -- didn't occur to me to look in audit.log -- that
said, I'm not entirely sure what SELinux is doing here (other than
denying the connection).  Or, to be more accurate, I don't understand
why it's denying the connection, therefore don't know how to make it

type=AVC msg=audit(1215740151.446:796): avc:  denied  { name_bind }
for  pid=21081 comm="named" src=16660
scontext=root:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0

type=SYSCALL msg=audit(1215740151.446:796): arch=c000003e syscall=49
success=no exit=-13 a0=1f a1=43c8ed40 a2=1c a3=43c8eb3c items=0 ppid=1
pid=21081 auid=0 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25
sgid=25 fsgid=25 tty=(none) ses=60 comm="named" exe="/usr/sbin/named"
subj=root:system_r:named_t:s0 key=(null)

Ideas & thoughts welcome...


More information about the CentOS mailing list