Description of problem:

# matchpathcon /usr/sbin/named-sdb
/usr/sbin/named-sdb	system_u:object_r:bin_t:s0
#

Version-Release number of selected component (if applicable):
bind-9.9.4-4.el7.x86_64
bind-chroot-9.9.4-4.el7.x86_64
bind-libs-9.9.4-4.el7.x86_64
bind-libs-lite-9.9.4-4.el7.x86_64
bind-license-9.9.4-4.el7.noarch
bind-sdb-9.9.4-4.el7.x86_64
bind-utils-9.9.4-4.el7.x86_64
selinux-policy-3.12.1-99.el7.noarch
selinux-policy-devel-3.12.1-99.el7.noarch
selinux-policy-doc-3.12.1-99.el7.noarch
selinux-policy-minimum-3.12.1-99.el7.noarch
selinux-policy-mls-3.12.1-99.el7.noarch
selinux-policy-targeted-3.12.1-99.el7.noarch

How reproducible:
always

Steps to Reproduce:
# service named-sdb status
Redirecting to /bin/systemctl status named-sdb.service
named-sdb.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named-sdb.service; disabled)
   Active: inactive (dead)

Nov 14 10:00:28 rhel70.localdomain systemd[1]: Started Berkeley Internet Nam....
Nov 14 10:00:28 rhel70.localdomain named-sdb[13856]: running
Nov 14 10:00:41 rhel70.localdomain systemd[1]: Stopping Berkeley Internet Na....
Nov 14 10:00:41 rhel70.localdomain named-sdb[13856]: received control channel...
Nov 14 10:00:41 rhel70.localdomain named-sdb[13856]: shutting down: flushing ...
Nov 14 10:00:41 rhel70.localdomain named-sdb[13856]: stopping command channel...
Nov 14 10:00:41 rhel70.localdomain named-sdb[13856]: stopping command channel...
Nov 14 10:00:41 rhel70.localdomain named-sdb[13856]: no longer listening on 1...
Nov 14 10:00:41 rhel70.localdomain named-sdb[13856]: no longer listening on :...
Nov 14 10:00:41 rhel70.localdomain systemd[1]: Stopped Berkeley Internet Nam....
Hint: Some lines were ellipsized, use -l to show in full.

# service named-sdb start
Redirecting to /bin/systemctl start named-sdb.service
# service named-sdb status
Redirecting to /bin/systemctl status named-sdb.service
named-sdb.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named-sdb.service; disabled)
   Active: active (running) since Thu 2013-11-14 10:02:56 CET; 1s ago
  Process: 13968 ExecStart=/usr/sbin/named-sdb -u named $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 13965 ExecStartPre=/usr/sbin/named-checkconf -z /etc/named.conf (code=exited, status=0/SUCCESS)
  Process: 13963 ExecStartPre=/usr/libexec/generate-rndc-key.sh (code=exited, status=0/SUCCESS)
 Main PID: 13970 (named-sdb)
   CGroup: /system.slice/named-sdb.service
           └─13970 /usr/sbin/named-sdb -u named

Nov 14 10:02:56 rhel70.localdomain named-sdb[13970]: command channel listenin...
Nov 14 10:02:56 rhel70.localdomain named-sdb[13970]: command channel listenin...
Nov 14 10:02:56 rhel70.localdomain named-sdb[13970]: managed-keys-zone: loade...
Nov 14 10:02:56 rhel70.localdomain named-sdb[13970]: zone 0.in-addr.arpa/IN: ...
Nov 14 10:02:56 rhel70.localdomain named-sdb[13970]: zone localhost/IN: loade...
Nov 14 10:02:56 rhel70.localdomain named-sdb[13970]: zone 1.0.0.127.in-addr.a...
Nov 14 10:02:56 rhel70.localdomain named-sdb[13970]: zone 1.0.0.0.0.0.0.0.0.0...
Nov 14 10:02:56 rhel70.localdomain named-sdb[13970]: zone localhost.localdoma...
Nov 14 10:02:56 rhel70.localdomain named-sdb[13970]: all zones loaded
Nov 14 10:02:56 rhel70.localdomain systemd[1]: Started Berkeley Internet Nam....
Nov 14 10:02:56 rhel70.localdomain named-sdb[13970]: running
Hint: Some lines were ellipsized, use -l to show in full.
# ps -efZ | grep named
system_u:system_r:init_t:s0     named    13970     1  0 10:02 ?        00:00:00 /usr/sbin/named-sdb -u named
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 13986 2470  0 10:03 pts/0 00:00:00 grep --color=auto named
#

Actual results:
 * named-sdb runs as init_t

Expected results:
 * named-sdb runs as named_t
commit e288e13cf463d98eb29fbcb2f74fb73edf7741dd
Author: Lukas Vrabec <lvrabec>
Date:   Fri Jan 17 10:52:41 2014 +0100

    Added support for named-sdb in bind policy
This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request.
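
Added example (not part of the bug report or of the selinux-policy fix): a small audit that generalizes the check in the report from named-sdb to any daemon, reading `ps -efZ` lines and flagging processes still in init_t, then showing the policy's default label for each executable via matchpathcon. The function names are hypothetical and the sample lines are constructed from the output quoted above.

```shell
#!/bin/sh
# Constructed sample in `ps -efZ` layout:
# LABEL UID PID PPID C STIME TTY TIME CMD
sample_ps() {
cat <<'EOF'
system_u:system_r:init_t:s0 root 1 0 0 09:00 ? 00:00:01 /usr/lib/systemd/systemd --switched-root --system
system_u:system_r:init_t:s0 named 13970 1 0 10:02 ? 00:00:00 /usr/sbin/named-sdb -u named
system_u:system_r:named_t:s0 named 14001 1 0 10:05 ? 00:00:00 /usr/sbin/named -u named
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 13986 2470 0 10:03 pts/0 00:00:00 grep --color=auto named
EOF
}

# Read `ps -efZ` lines on stdin and print "PID EXECUTABLE" for every process
# whose SELinux type is init_t, skipping systemd itself. Anything else in
# init_t was started by systemd without a domain transition, which is what
# happens when the executable carries a generic label such as bin_t.
find_init_t_daemons() {
    awk '
    {
        split($1, ctx, ":")              # user:role:type:level
        if (ctx[3] != "init_t") next
        exe = $9                          # first word of CMD
        if (exe ~ /\/systemd$/) next      # PID 1 legitimately runs as init_t
        print $3, exe
    }'
}

# For each flagged process, show the label the loaded policy assigns to the
# executable path, using matchpathcon as in the report when it is installed.
report() {
    find_init_t_daemons | while read -r pid exe; do
        label="(matchpathcon not available)"
        if command -v matchpathcon >/dev/null 2>&1; then
            label=$(matchpathcon "$exe" 2>/dev/null | awk '{print $2}')
        fi
        echo "pid=$pid exe=$exe default_label=$label"
    done
}

# Demonstration on the constructed sample; on a live host use: ps -efZ | report
sample_ps | report
```

A flagged executable whose default label is bin_t rather than a dedicated *_exec_t type points at the same kind of policy gap as the one reported here.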