Bug 239248
Summary: | selinux denial on /dev/random | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Andrew Bartlett <abartlet> |
Component: | bind | Assignee: | Adam Tkac <atkac> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> |
Severity: | high | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | ovasik |
Hardware: | All | ||
OS: | Linux | ||
Fixed In Version: | 9.3.4-5.fc6 | Doc Type: | Bug Fix |
Last Closed: | 2007-05-22 16:07:47 UTC | Type: | --- |
Description
Andrew Bartlett
2007-05-06 23:51:42 UTC
Looks like your /usr/sbin/named or /dev/random is mislabeled. Try "restorecon /usr/sbin/named && restorecon /dev/random". On my up2date rawhide box named has object_r:named_exec_t context instead of your user_u:system_r:named_t. Also attach output from "ls -Z /usr/sbin/named && ls -Z /dev/random".

Regards, Adam

Firstly, the NetworkManager issues seem unrelated and resolved, so that was a red herring. On the SELinux issue, the issue remains identical. I have restored the context on both /dev/random and /usr/sbin/named.

Is this /dev/random or /var/named/chroot/dev/random? Looks like the labeling got screwed up somehow.

grep random /etc/selinux/targeted/contexts/files/file_contexts
/dev/hwrng -c system_u:object_r:random_device_t:s0
/dev/random -c system_u:object_r:random_device_t:s0
/dev/urandom -c system_u:object_r:urandom_device_t:s0
/dev/hw_random -c system_u:object_r:random_device_t:s0
/var/run/random-seed -- system_u:object_r:initrc_var_run_t:s0
/var/named/chroot/dev/random -c system_u:object_r:random_device_t:s0

Should be random_device_t.

If you're running bind in chroot, bind-chroot-admin script has a bug which caused that chroot could be mislabeled. You could upcoming http://people.redhat.com/atkac/bind/bind-9.3.4-4.5.fc6.src.rpm

Regards, A

(In reply to comment #4)
> caused that chroot could be mislabeled. You could upcoming

You could try upcoming .. :)

Could be fixed in bind-9.3.4-5.fc6
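The check the thread does by hand (compare a device node's label with the file_contexts entry for its path, inside and outside the chroot) is shown here as an added example; it is not part of the original bug report or of bind. The `OBSERVED` labels are constructed, the function names are hypothetical, and the "last matching entry wins" lookup is a simplification of how libselinux orders entries.

```python
import re
# Entries copied from the file_contexts grep quoted in the thread.
FILE_CONTEXTS = """\
/dev/hwrng -c system_u:object_r:random_device_t:s0
/dev/random -c system_u:object_r:random_device_t:s0
/dev/urandom -c system_u:object_r:urandom_device_t:s0
/dev/hw_random -c system_u:object_r:random_device_t:s0
/var/run/random-seed -- system_u:object_r:initrc_var_run_t:s0
/var/named/chroot/dev/random -c system_u:object_r:random_device_t:s0
"""
# Constructed observations (path, file-type flag, context); not from the bug.
OBSERVED = [
    ("/dev/random", "-c", "system_u:object_r:random_device_t:s0"),
    ("/var/named/chroot/dev/random", "-c", "system_u:object_r:file_t:s0"),
]

def parse_file_contexts(text):  # 'regex [type-flag] context' lines -> tuples
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) == 2:  # no file-type flag: entry applies to any type
            fields.insert(1, None)
        regex, flag, context = fields  # ValueError on a malformed line
        entries.append((re.compile(regex), flag, context))
    return entries

def expected_context(entries, path, flag):
    """Context of the last matching entry (simplified lookup order)."""
    found = None
    for regex, entry_flag, context in entries:
        # file_contexts regexes are anchored, so the whole path must match.
        if entry_flag in (None, flag) and regex.fullmatch(path):
            found = context
    return found

def selinux_type(context):
    return context.split(":")[2]  # user:role:type[:range]

def find_mislabeled(entries, observed):
    """Return (path, observed_type, expected_type) for each type mismatch."""
    bad = []
    for path, flag, context in observed:
        want = expected_context(entries, path, flag)
        if want is not None and selinux_type(context) != selinux_type(want):
            bad.append((path, selinux_type(context), selinux_type(want)))
    return bad

if __name__ == "__main__":
    print(find_mislabeled(parse_file_contexts(FILE_CONTEXTS), OBSERVED))
```

With the constructed input, only the chroot copy of the device is reported, which is the case the thread attributes to the bind-chroot-admin script.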