Description of problem: when configured named to use GSS-TSIG based authentication (Kerberos based authentication) SELinux doesn't allow named to start Version-Release number of selected component (if applicable): rpm -q selinux-policy selinux-policy-3.0.5-8.fc8 Actual results: Aug 20 14:11:40 devel kernel: audit(1187611900.398:5): avc: denied { getattr } for pid=1709 comm="named" name="krb5.conf" dev=xvda1 ino=131125 scontext=root:system_r:named_t:s0 tcontext=system_u:object_r:krb5_conf_t:s0 tclass=file Aug 20 14:11:40 devel kernel: audit(1187611900.398:6): avc: denied { getattr } for pid=1709 comm="named" name="krb5.conf" dev=xvda1 ino=131125 scontext=root:system_r:named_t:s0 tcontext=system_u:object_r:krb5_conf_t:s0 tclass=file Expected results: no intereception Additional info: I will provide testcase if needed
Fixed in selinux-policy-3.0.5-9.fc8
Works as expected. Thanks