Bug 127555
Summary: | named can't write slave zone files to /var/named/chroot/var/named/slaves | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Alexandre Oliva <oliva> |
Component: | selinux-policy-targeted | Assignee: | Jason Vas Dias <jvdias> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | bind-9.2.4rc7-9 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2004-08-25 22:52:08 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Alexandre Oliva
2004-07-09 17:30:05 UTC
Could you send me the AVC Messages? Not easily. I ended up reinstalling FC3test1 with SELinux disabled on all my boxes, because SELinux, as it stands, would take me too much work to add file_contexts rules such that my home dir, that is a mess of soft links, would work. If you tried targeted policy there should not be a problem. Homedirectories don't matter that much. But you could still generate the bind error since it runs under policy. This is now fixed. The /var/named/chroot/named/slaves directory was not being created - it now is, with ownership named:named, the same as the /var/named/slaves directory, while /var/named and chroot/var/named have ownership root:named. This is now in bind-9.2.4rc6-1 in fc3-head. I tried the targeted policy, it didn't work because I have stuff like squid and sendmail writing to the partition that also contains my home dir. As for the contexts defined in the policy, it's still not right. selinux-policy-*-1.15.9-1 define contexts for /var/named/slave, not /var/named/slaves, both in root and chroot. This is now fixed (selinux-policy-targeted-1.17.4-1 and bind-9.2.4rc7-9). I've finally tried again an install of rawhide from scratch with SELinux enabled, and I can now confirm that it works. Thanks, |