Red Hat Bugzilla – Bug 155843
not enabling named_write_master_zones
Last modified: 2007-11-30 17:11:04 EST
Description of problem:
In order to support dynamic DNS updating by dhcpd, you need to enable (set to 1)
the variable named_write_master_zones in /etc/selinux/targeted/booleans.
The named startup script uses this variable (if set to 1) to change ownership of
/var/named/chroot/var/named so that named can write to that directory.
Although you can check and uncheck the box in system-config-securitylevel, it has
no effect on changing the variable in /etc/selinux/targeted/booleans.
Gene, it should be changing this in /etc/selinux/targeted/booleans.local?
I just tried it here and it worked.
named_write_master_zones --> active
OK, booleans.local is a change (at least to me) because earlier versions (e.g.,
FC3) changed the value in /etc/selinux/targeted/booleans.
Now, named_write_master_zones is defined in both /etc/selinux/targeted/booleans
and /etc/selinux/targeted/booleans.local, but which takes precedence? If it is
set to "1" in booleans, will setting it to "0" in booleans.local be ignored? How
about the reverse?
One additional point ... setting named_write_master_zones to 1 in booleans is
not recognized by system-config-securitylevel ... only settings in booleans.local.
Yes, booleans.local takes precedence over whatever's defined in booleans. Think
of it as the difference between global environment settings and per-user
Ok, I am satisfied that there is no bug and am closing this.
I was not aware of the booleans.local ... it might be a good idea to add
something about this to RELEASE-NOTES.
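
Added example, not part of the bug thread or of any Red Hat tool: a small Python audit that resolves the effective value of each boolean when it appears in both files, applying the precedence stated above (booleans.local wins) and flagging entries where the local file overrides a different base value. It assumes both files use `name=value` lines with `0`/`1`/`true`/`false` values and `#` comments; the function names and the sample file contents are constructed for illustration.

```python
def parse_booleans(text):
    """Parse 'name=value' lines (assumed file format); '#' starts a comment."""
    values = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue  # blank, comment-only or malformed line
        name, _, value = line.partition("=")
        value = value.strip().lower()
        if value in ("1", "true"):
            values[name.strip()] = 1
        elif value in ("0", "false"):
            values[name.strip()] = 0
    return values


def effective_booleans(base_text, local_text):
    """Return {name: (value, deciding_file, overrides_base)}.

    booleans.local takes precedence over booleans, as stated in the thread.
    overrides_base is True when both files set the name to different values.
    """
    base = parse_booleans(base_text)
    local = parse_booleans(local_text)
    result = {}
    for name in sorted(set(base) | set(local)):
        if name in local:
            overrides = name in base and base[name] != local[name]
            result[name] = (local[name], "booleans.local", overrides)
        else:
            result[name] = (base[name], "booleans", False)
    return result


# Constructed sample contents; example_boolean is a hypothetical name.
SAMPLE_BOOLEANS = "named_write_master_zones=0\nexample_boolean=1\n"
SAMPLE_LOCAL = "# written by the GUI tool\nnamed_write_master_zones=1\n"

if __name__ == "__main__":
    merged = effective_booleans(SAMPLE_BOOLEANS, SAMPLE_LOCAL)
    for name, (value, source, overrides) in merged.items():
        note = " (overrides booleans)" if overrides else ""
        print(f"{name} = {value}  [from {source}]{note}")
```

On a real system the two strings would be read from /etc/selinux/targeted/booleans and /etc/selinux/targeted/booleans.local; the override flag is the part worth reviewing, since it shows where a local setting such as named_write_master_zones loosens or tightens what the base file says.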