Red Hat Bugzilla – Bug 172277
named: unable to convert errno to isc_result: 14: Bad address
Last modified: 2007-11-30 17:11:16 EST
Description of problem:
Today I found the following lines (again) in my syslog:
Nov 2 05:26:19 tux named: errno2result.c:109: unexpected error:
Nov 2 05:26:19 tux named: unable to convert errno to isc_result: 14: Bad
Nov 2 05:26:19 tux named: UDP client handler shutting down due to fatal
receive error: unexpected error
Version-Release number of selected component (if applicable):
Just run latest SELinux targeted enforced and wait for some time or days,
another way I don't know of, yet. Sorry!
Named process is running anyway. There also seems to be everything "normal" (DNS
queries are working, it's listening to IPs and similar).
I got this error the first time after enabling MCS/MLS (after a reboot).
I guess, this problem is SELinux related. But maybe it's a bind bug which was
made visible by SELinux - in this case reassign, please.
The named messages show named is unable to bind to a UDP address + port,
so it won't serve UDP clients requesting via that address.
By default, when named starts up, or a new interface is created, named
tries to bind to UDP port 53 on each interface address to handle queries.
It seems that under "MCS/MLS" it does not have permission to do so.
# service named start
and then append the /var/log/audit/audit.log contents to this bug report.
When you say :
> I got this error the first time after enabling MCS/MLS (after a reboot).
What steps did you take to do so ? Changing from targeted -> strict ?
> What steps did you take to do so ? Changing from targeted -> strict ?
No. Okay, what I did: The initial situation was kernel-2.6.13-1.1527_FC5 with
selinux-policy-targeted-1.27.2-9 (MCS/MLS was disabled; hacked out in the spec
file). The policy was targeted enforced.
Then I did an upgrade to kernel-2.6.14-1.1633_FC5 (at this time, this was latest
CVS) and selinux-policy-targeted-1.27.2-10 (without manipulating anything *g*).
Reboot of the system (also targeted enforced) MCS/MLS enabled per default. 48
minutes later (after rebooting), I got the message, the first time. I still was
a bit confused; restarted named, but no errors/denieds in syslog.
Named was still working, I didn't care about it. The second time, I got the
error at Nov 2 05:26:19 - no idea, what happened at this moment ;-)
> # >/var/log/audit/audit.log
> # service named start
didn't produce any output into the log file or to other syslog files (except the
normal restart messages by named), so there's nothing to append. Did I do something
wrong or could this be the right case?!
I don't see this as an SELinux problem. SELinux allows named to bind to udp
port 53 and no AVC messages
I didn't see this problem since switching to the serefpolicy (selinux-policy
2.0.0) again, so closing now.