Description of problem:
Enforcing selinux-policy-targeted has incorrect permissions for chrooted named service preventing it's write access to chrooted tmpfs
Version-Release number of selected component (if applicable):
Easy. Upgrade to latest packages and named-chroot.service fails to start.
Steps to Reproduce:
1. yum update
2. systemctl status named-chroot.service --full
Active: failed (Result: timeout)
Non-functional name server
Functional name server
It is possible to fix the issue by overriding the policy file with following two commands:
# semanage fcontext -a -t var_run_t "/var/named/chroot/run(/.*)?"
# restorecon -R -v /var/named/chroot/run/named
The problem is in /etc/selinux/targeted/contexts/files/file_contexts in the line
In fact the given directory is incorrect, correct one is /var/named/chroot/run/named/ and it has two files in it:
-rw-r--r--. 1 named named 5 Mar 22 12:02 named.pid
-rw-------. 1 named named 102 Mar 22 12:02 session.key
Even if, the directory would be correct, the session.key file would not be matched.
fixes this in git.
selinux-policy-3.12.1-74.29.fc19 has been submitted as an update for Fedora 19.
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-74.29.fc19'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
selinux-policy-3.12.1-74.30.fc19 has been submitted as an update for Fedora 19.
selinux-policy-3.12.1-74.30.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.