Description of problem:
After installing bind-chroot, bind no longer works because of selinux permissions.

Version-Release number of selected component (if applicable):
selinux-policy-2.3.3-18
selinux-policy-targeted-2.3.3-18
bind-config-9.3.2-34.fc6
bind-9.3.2-34.fc6
bind-libs-9.3.2-34.fc6
bind-chroot-9.3.2-34.fc6
bind-utils-9.3.2-34.fc6

How reproducible:
always

Steps to Reproduce:
1. start bind (service named start)

Actual results:
[root@macbook ~]# service named status
rndc: neither /etc/rndc.conf nor /etc/rndc.key was found

Expected results:
running bind...

Additional info:
[root@macbook ~]# ls /etc/rndc.key -alZ
lrwxrwxrwx root named system_u:object_r:dnssec_t /etc/rndc.key -> /var/named/chroot//etc/rndc.key

dmesg output:
audit(1154711291.301:4): avc: denied { read } for pid=4026 comm="rndc" name="rndc.key" dev=dm-0 ino=6522775 scontext=user_u:system_r:ndc_t:s0 tcontext=system_u:object_r:dnssec_t:s0 tclass=lnk_file
audit(1154711423.814:5): avc: denied { read } for pid=4141 comm="rndc" name="rndc.key" dev=dm-0 ino=6522775 scontext=user_u:system_r:ndc_t:s0 tcontext=system_u:object_r:dnssec_t:s0 tclass=lnk_file
eth0: no IPv6 routers present
audit(1154711493.966:6): avc: denied { read } for pid=4254 comm="rndc" name="rndc.key" dev=dm-0 ino=6522775 scontext=user_u:system_r:ndc_t:s0 tcontext=system_u:object_r:dnssec_t:s0 tclass=lnk_file
audit(1154711504.971:7): avc: denied { read } for pid=4277 comm="rndc" name="rndc.key" dev=dm-0 ino=6522775 scontext=user_u:system_r:ndc_t:s0 tcontext=system_u:object_r:dnssec_t:s0 tclass=lnk_file
audit(1154711722.572:8): avc: denied { read } for pid=4379 comm="rndc" name="rndc.key" dev=dm-0 ino=6522775 scontext=user_u:system_r:ndc_t:s0 tcontext=system_u:object_r:dnssec_t:s0 tclass=lnk_file
audit(1154711744.454:9): avc: denied { read } for pid=4417 comm="rndc" name="rndc.key" dev=dm-0 ino=6522775 scontext=user_u:system_r:ndc_t:s0 tcontext=system_u:object_r:dnssec_t:s0 tclass=lnk_file
audit(1154711746.766:10): avc: denied { read } for pid=4440 comm="rndc" name="rndc.key" dev=dm-0 ino=6522775 scontext=user_u:system_r:ndc_t:s0 tcontext=system_u:object_r:dnssec_t:s0 tclass=lnk_file
audit(1154711751.318:11): avc: denied { read } for pid=4502 comm="rndc" name="rndc.key" dev=dm-0 ino=6522775 scontext=user_u:system_r:ndc_t:s0 tcontext=system_u:object_r:dnssec_t:s0 tclass=lnk_file

Problem persists with today's selinux updates:
selinux-policy-targeted-2.3.3-20
selinux-policy-2.3.3-20

Problem solved with newer policy
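
A small triage helper for denials like the ones in the dmesg output above, added here as an example and not part of the original report or of the SELinux tooling: it groups AVC denials by source type, target type and object class, which makes it visible that rndc (ndc_t) was refused read on the symlink itself (tclass=lnk_file). The third audit line in the sample is constructed to show a multi-permission denial on a different class; the function names are this example's own.

```python
import re
from collections import defaultdict

# Two denials copied from the report's dmesg output, the unrelated kernel line
# that sat between them, and one CONSTRUCTED multi-permission denial (last line).
SAMPLE = '''\
audit(1154711291.301:4): avc: denied { read } for pid=4026 comm="rndc" name="rndc.key" dev=dm-0 ino=6522775 scontext=user_u:system_r:ndc_t:s0 tcontext=system_u:object_r:dnssec_t:s0 tclass=lnk_file
eth0: no IPv6 routers present
audit(1154711423.814:5): avc: denied { read } for pid=4141 comm="rndc" name="rndc.key" dev=dm-0 ino=6522775 scontext=user_u:system_r:ndc_t:s0 tcontext=system_u:object_r:dnssec_t:s0 tclass=lnk_file
audit(1154711500.000:99): avc: denied { getattr read } for pid=4999 comm="rndc" name="example.key" dev=dm-0 ino=1 scontext=user_u:system_r:ndc_t:s0 tcontext=system_u:object_r:dnssec_t:s0 tclass=file
'''

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+.*?comm="(?P<comm>[^"]*)"'
    r'.*?scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def parse_denials(text):
    """Yield one dict per AVC denial, skipping lines that are not denials."""
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if m:
            yield {
                "comm": m["comm"],
                "source": selinux_type(m["scontext"]),
                "target": selinux_type(m["tcontext"]),
                "tclass": m["tclass"],
                "perms": m["perms"].split(),
            }

def group_denials(text):
    """Map (source type, target type, tclass) -> {permission: hit count}."""
    groups = defaultdict(lambda: defaultdict(int))
    for d in parse_denials(text):
        for perm in d["perms"]:
            groups[(d["source"], d["target"], d["tclass"])][perm] += 1
    return {key: dict(counts) for key, counts in groups.items()}

if __name__ == "__main__":
    for (src, tgt, cls), perms in sorted(group_denials(SAMPLE).items()):
        print(f"{src} -> {tgt}:{cls} {perms}")
```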