Bug 172277

Summary: named: unable to convert errno to isc_result: 14: Bad address
Product: [Fedora] Fedora Reporter: Robert Scheck <redhat-bugzilla>
Component: bindAssignee: Russell Coker <rcoker>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: jvdias
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-03-26 00:45:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Robert Scheck 2005-11-02 09:46:33 UTC 
Description of problem:
Today I found the following lines (again) in my syslog:

[...]
Nov  2 05:26:19 tux named[4771]: errno2result.c:109: unexpected error:
Nov  2 05:26:19 tux named[4771]: unable to convert errno to isc_result: 14: Bad 
address
Nov  2 05:26:19 tux named[4771]: UDP client handler shutting down due to fatal 
receive error: unexpected error
[...]

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.27.2-10
selinux-policy-targeted-1.27.2-11

How reproducible:
Just run latest SELinux targeted enforced and wait for some time or days, 
another way I don't know of, yet. Sorry!

Actual results:
Named process is running anyway. There also seems to be everything "normal" (DNS 
queries are working, it's listening to IPs and similar).

I got this error the first time after enabling MCS/MLS (after a reboot).

Expected results:
No error.

Additional info:
I guess, this problem is SELinux related. But maybe it's a bind bug which was 
made visible by SELinux - in this case reassign, please.
Comment 1 Jason Vas Dias 2005-11-03 17:13:36 UTC 
The named messages shows named is unable to bind to a UDP address + port ,
so it won't serve UDP clients requesting via that address.
By default, when named starts up, or a new interface is created, named 
tries to bind to UDP port 53 on each interface address to handle queries.
It seems that under "MCS/MLS" it does not have permission to do so.
Please try:
  # >/var/log/audit/audit.log
  # service named start
and then append the /var/log/audit/audit.log contents to this bug report.
When you say :
> I got this error the first time after enabling MCS/MLS (after a reboot).
What steps did you take to do so ? Changing from targeted -> strict ?
Comment 2 Robert Scheck 2005-11-03 22:54:49 UTC 
> What steps did you take to do so ? Changing from targeted -> strict ?

No. Okay, what I did: The initial situation was kernel-2.6.13-1.1527_FC5 with 
selinux-policy-targeted-1.27.2-9 (MCS/MLS was disabled; hacked out in the spec 
file). The policy was targeted enforced. 

Then I did an upgrade to kernel-2.6.14-1.1633_FC5 (at this time, this was latest 
CVS) and selinux-policy-targeted-1.27.2-10 (without manipulating anything *g*). 
Reboot of the system (also targeted enforced) MCS/MLS enabled per default. 48 
minutes later (after rebooting), I got the message, the first time. I still was 
a bit confused; restarted named, but no errors/denieds in syslog.

Named was still working, I didn't care about it. The second time, I got the 
error at Nov  2 05:26:19 - no idea, what happend at this moment ;-)

Oh and

>  # >/var/log/audit/audit.log
>  # service named start

didn't produce any output into the log file or to other syslog files (except the 
normal restart messages by named), so there's nothing to append. Did I something 
wrong or could this be the right case?!
Comment 3 Daniel Walsh 2005-11-30 20:46:28 UTC 
I don'ty
Comment 4 Daniel Walsh 2005-11-30 20:48:04 UTC 
I don't see this as an SELinux problem.  SELinux allows named to bind to udp
port 53 and no AVC messages
Comment 5 Robert Scheck 2006-03-26 00:45:06 UTC 
I didn't see this problem since switching to the serefpolicy (selinux-policy
2.0.0) again, so closing now.