Description of problem: In order to support dynamic dns updating by dhcpd, you need to enable (set to 1) the variable named_write_master_zones in /etc/selinux/targeted/booleans the named startup script uses this variable (if set to 1) to change ownership of /var/named/chroot/var/named so that named can write to that directory. Although you can check and uncheck the box in system-config-securitylevel it has no effect on changing the variable in /etc/selinux/targeted/booleans
Gene it should be changing this in /etc/selinux/targeted/booleans.local?
I just tried it here and it worked. more booleans.local allow_ypbind=0 named_write_master_zones=1 getsebool named_write_master_zones named_write_master_zones --> active
OK, boolean.local is a change (at least to me) because earlier versions (e.g., FC3) changed the value in /etc/selinux/targeted/booleans Now, named_write_master_zones is defined in both /etc/selinux/targeted/booleans and /etc/selinux/targeted/booleans.local but which takes precidence? If it is set to "1" in booleans will setting it to "0" in booleans.local be ignored? How about the reverse?
One additional point ... setting named_write_master_zones to 1 in booleans is not recognized by systems-config-securitylevel ... only settings in booleans.local.
Yes, booleans.local takes precedence over whatever's defined in booleans. Think of it as the difference between global environment settings and per-user environment settings.
Ok, I am satisfied that there is no bug and am closing this. I was not aware of the booleans.local ... it might be a good idea to add something about this to RELEASE-NOTES