Description of problem:
After upgrading to newest bind version yesterday triggers avc denied messages

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.145 (upgraded to) bind-9.2.4-27.0.1.el4

How reproducible:
After upgrade, detected on 2 systems by logwatch.

Steps to Reproduce:
Probably down and re-upgrade bind version

Actual results:
Jul 25 16:23:41 server kernel: audit(1185373421.023:11): avc: denied { read } for pid=10357 comm="named" name="[2930654]" dev=pipefs ino=2930654 scontext=root:system_r:named_t tcontext=root:system_r:unconfined_t tclass=fifo_file
Jul 25 16:23:41 server named[10358]: starting BIND 9.2.4 -u named -t /var/named/chroot

Expected results:
No such messages

Additional info:
System is running in enforcement mode

# lsof | grep named | grep pipe
named 21248 named 5r FIFO 0,7 3032409 pipe
named 21248 named 7w FIFO 0,7 3032409 pipe

Impact: unknown, named looks like working.
These can be ignored. Usually this is a leaked file descriptor that SELinux is just closing. As long as the daemon functions properly. We will not fix.
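
The pattern described in the reply above, as an added example that is not part of the original report or of any SELinux tooling: a small triage script that parses AVC denial lines and flags the ones that look like an inherited (leaked) pipe descriptor. The function names and the matching heuristic are assumptions made for illustration; the first sample line is the denial from this report, the second is constructed for contrast.

```python
import re

# AVC denial copied from the report above.
REPORTED = ('Jul 25 16:23:41 server kernel: audit(1185373421.023:11): avc: denied { read } '
            'for pid=10357 comm="named" name="[2930654]" dev=pipefs ino=2930654 '
            'scontext=root:system_r:named_t tcontext=root:system_r:unconfined_t tclass=fifo_file')

# Constructed contrast record (not from the report): a denial on a real directory.
CONSTRUCTED = ('Jul 25 16:30:00 server kernel: audit(1185373800.000:12): avc: denied { write } '
               'for pid=10357 comm="named" name="named" dev=dm-0 ino=12345 '
               'scontext=root:system_r:named_t tcontext=system_u:object_r:named_zone_t tclass=dir')

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the key=value fields of an AVC denial as a dict, or None if no match."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {key: value.strip('"') for key, value in FIELD_RE.findall(m.group('fields'))}
    rec['perms'] = m.group('perms').split()
    return rec

def selinux_type(context):
    """Extract the type from a user:role:type[:level] security context."""
    return context.split(':')[2]

def looks_like_leaked_fd(rec):
    """Heuristic (an assumption of this example, not an SELinux rule):
    an anonymous pipe (dev=pipefs, tclass=fifo_file) labelled with a type other
    than the denied process's own domain, with only I/O permissions requested,
    was most likely inherited from the parent process rather than opened by the daemon."""
    anonymous_pipe = rec.get('dev') == 'pipefs' and rec.get('tclass') == 'fifo_file'
    foreign_label = selinux_type(rec['scontext']) != selinux_type(rec['tcontext'])
    io_only = set(rec['perms']) <= {'read', 'write', 'getattr', 'ioctl', 'append'}
    return anonymous_pipe and foreign_label and io_only

if __name__ == '__main__':
    for line in (REPORTED, CONSTRUCTED):
        rec = parse_avc(line)
        verdict = 'likely leaked descriptor' if looks_like_leaked_fd(rec) else 'needs review'
        print(rec['comm'], rec['tclass'], rec['perms'], '->', verdict)
```

A record flagged this way still warrants a check that the daemon works, as the reply says; anything not flagged should be reviewed as a real policy denial.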