SElinux and named: can't add a new domain


Post by Dadoo » 2008/10/15 05:16:35

Recently, I added a new domain to my name server, and I can't seem to get it to work. Here are some relevant lines from "/var/log/messages":

Oct 14 22:08:48 ns1 named[2634]: zone domain1.com/IN: loaded serial 2008070101
Oct 14 22:08:48 ns1 kernel: audit(1224043728.862:4): avc: denied { read } for pid=2635 comm="named" name="domain2.com.hosts" dev=hda3 ino=373669 scontext=user_u:system_r:named_t tcontext=root:object_r:user_home_t tclass=file
Oct 14 22:08:48 ns1 named[2634]: zone domain2.com/IN: loading master file /var/named/domain2.com.hosts: permission denied

Notice that "domain1" works fine, while "domain2" gets "permission denied". At first, I thought it was a permissions problem (obviously), but apparently, it's not, since doing an "ls" on "/var/named" gives me:

-rw-r--r-- 1 named named 1135 Jul 1 15:05 domain1.com.hosts
-rw-r--r-- 1 named named 543 Oct 3 17:44 domain2.com.hosts

It seems to be an SELinux problem, since the problem goes away when I disable it. However, I'm not an SELinux expert, and I certainly don't remember doing anything special when I added the original domain.

What am I doing wrong?


Post by yyagol » 2008/11/14 05:54:43

Run ls -Z on the files, and fix the context to be like domain1 with the chcon command.
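
The diagnosis in this thread, as an added example that is not part of the original posts: a shell script that pulls the denied file name and the source and target SELinux types out of AVC lines, then prints (without running) the chcon command that copies the context of a zone file that loads correctly. The log lines are the ones quoted in the first post; the function names, and the assumption that the denied file lives in /var/named, are made up for the example.

```shell
#!/bin/sh
# Added example (not from the thread): triage AVC denials logged for named.
# Log lines copied from the first post so the script runs offline.
SAMPLE_LOG='Oct 14 22:08:48 ns1 named[2634]: zone domain1.com/IN: loaded serial 2008070101
Oct 14 22:08:48 ns1 kernel: audit(1224043728.862:4): avc: denied { read } for pid=2635 comm="named" name="domain2.com.hosts" dev=hda3 ino=373669 scontext=user_u:system_r:named_t tcontext=root:object_r:user_home_t tclass=file
Oct 14 22:08:48 ns1 named[2634]: zone domain2.com/IN: loading master file /var/named/domain2.com.hosts: permission denied'

# avc_denials: syslog on stdin -> "comm perms name source_type target_type"
# The type is the third colon-separated field of a context, so contexts
# with a trailing MLS level (user:role:type:s0) parse the same way.
avc_denials() {
    awk '
    function val(s) { sub(/^[^=]*=/, "", s); gsub(/"/, "", s); return s }
    function ctype(s, p) { split(val(s), p, ":"); return p[3] }
    /avc: +denied/ {
        perm = ""; comm = ""; name = ""; st = ""; tt = ""; inperm = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "{") inperm = 1
            else if ($i == "}") inperm = 0
            else if (inperm) perm = (perm == "" ? $i : perm "," $i)
            else if ($i ~ /^comm=/) comm = val($i)
            else if ($i ~ /^name=/) name = val($i)
            else if ($i ~ /^scontext=/) st = ctype($i)
            else if ($i ~ /^tcontext=/) tt = ctype($i)
        }
        print comm, perm, name, st, tt
    }'
}

# suggest_relabel DIR REF: syslog on stdin -> one chcon line per file that
# named was denied, copying the context of REF (a zone file that works).
# The AVC "name" field is only a basename, so DIR is supplied by the caller.
suggest_relabel() {
    avc_denials | awk -v dir="$1" -v ref="$2" '$1 == "named" && !seen[$3]++ {
        printf "chcon --reference=%s/%s %s/%s  # was %s\n", dir, ref, dir, $3, $5
    }'
}

# Review the output and compare with `ls -Z` before applying anything.
printf '%s\n' "$SAMPLE_LOG" | suggest_relabel /var/named domain1.com.hosts
```

The user_home_t target type in the denial is consistent with a file that was created elsewhere and moved into place, since a moved file keeps its original label.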
