Bug 172277 - named: unable to convert errno to isc_result: 14: Bad address
named: unable to convert errno to isc_result: 14: Bad address
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: bind (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Russell Coker
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-11-02 04:46 EST by Robert Scheck
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-03-25 19:45:06 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Robert Scheck 2005-11-02 04:46:33 EST
Description of problem:
Today I found the following lines (again) in my syslog:

[...]
Nov  2 05:26:19 tux named[4771]: errno2result.c:109: unexpected error:
Nov  2 05:26:19 tux named[4771]: unable to convert errno to isc_result: 14: Bad 
address
Nov  2 05:26:19 tux named[4771]: UDP client handler shutting down due to fatal 
receive error: unexpected error
[...]

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.27.2-10
selinux-policy-targeted-1.27.2-11

How reproducible:
Just run latest SELinux targeted enforced and wait for some time or days, 
another way I don't know of, yet. Sorry!

Actual results:
Named process is running anyway. There also seems to be everything "normal" (DNS 
queries are working, it's listening to IPs and similar).

I got this error the first time after enabling MCS/MLS (after a reboot).

Expected results:
No error.

Additional info:
I guess, this problem is SELinux related. But maybe it's a bind bug which was 
made visible by SELinux - in this case reassign, please.
Comment 1 Jason Vas Dias 2005-11-03 12:13:36 EST
The named messages shows named is unable to bind to a UDP address + port ,
so it won't serve UDP clients requesting via that address.
By default, when named starts up, or a new interface is created, named 
tries to bind to UDP port 53 on each interface address to handle queries.
It seems that under "MCS/MLS" it does not have permission to do so.
Please try:
  # >/var/log/audit/audit.log
  # service named start
and then append the /var/log/audit/audit.log contents to this bug report.
When you say :
> I got this error the first time after enabling MCS/MLS (after a reboot).
What steps did you take to do so ? Changing from targeted -> strict ?
Comment 2 Robert Scheck 2005-11-03 17:54:49 EST
> What steps did you take to do so ? Changing from targeted -> strict ?

No. Okay, what I did: The initial situation was kernel-2.6.13-1.1527_FC5 with 
selinux-policy-targeted-1.27.2-9 (MCS/MLS was disabled; hacked out in the spec 
file). The policy was targeted enforced. 

Then I did an upgrade to kernel-2.6.14-1.1633_FC5 (at this time, this was latest 
CVS) and selinux-policy-targeted-1.27.2-10 (without manipulating anything *g*). 
Reboot of the system (also targeted enforced) MCS/MLS enabled per default. 48 
minutes later (after rebooting), I got the message, the first time. I still was 
a bit confused; restarted named, but no errors/denieds in syslog.

Named was still working, I didn't care about it. The second time, I got the 
error at Nov  2 05:26:19 - no idea, what happend at this moment ;-)

Oh and

>  # >/var/log/audit/audit.log
>  # service named start

didn't produce any output into the log file or to other syslog files (except the 
normal restart messages by named), so there's nothing to append. Did I something 
wrong or could this be the right case?!
Comment 3 Daniel Walsh 2005-11-30 15:46:28 EST
I don'ty  
Comment 4 Daniel Walsh 2005-11-30 15:48:04 EST
I don't see this as an SELinux problem.  SELinux allows named to bind to udp
port 53 and no AVC messages
Comment 5 Robert Scheck 2006-03-25 19:45:06 EST
I didn't see this problem since switching to the serefpolicy (selinux-policy
2.0.0) again, so closing now.

Note You need to log in before you can comment on or make changes to this bug.