Bug 518175 - The named_write_master_zones policy boolean was changed to 0 by root
The named_write_master_zones policy boolean was changed to 0 by root
Status: CLOSED DUPLICATE of bug 518749
Product: Fedora
Classification: Fedora
Component: bind (Show other bugs)
11
All Linux
low Severity medium
: ---
: ---
Assigned To: Adam Tkac
Fedora Extras Quality Assurance
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-08-19 06:42 EDT by Eddie Lania
Modified: 2013-04-30 19:44 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-08-27 06:42:07 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Eddie Lania 2009-08-19 06:42:02 EDT
Description of problem:
As soon as I restart the named service the following message is being reported in the syslog:

"The named_write_master_zones policy boolean was changed to 0 by root"

Why? I do not like such messages without a proper explanation why it happened.


Version-Release number of selected component (if applicable):


bind-utils-9.6.1-4.P1.fc11.i586
bind-libs-9.6.1-4.P1.fc11.i586
bind-chroot-9.6.1-4.P1.fc11.i586
bind-9.6.1-4.P1.fc11.i586




How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Adam Tkac 2009-08-20 07:31:44 EDT
(In reply to comment #0)
> "The named_write_master_zones policy boolean was changed to 0 by root"
> 
> Why? I do not like such messages without a proper explanation why it happened.

The main reason is https://admin.fedoraproject.org/updates/F11/FEDORA-2009-7708, especially bug #510283.

Let me try to explain history of named_write_master_zones SELinux boolean.

Historically named_write_master_zones was used together with option in /etc/sysconfig/named to make the /var/named directory writable by named user and process. This "feature" has been removed and there were no possibility to make /var/named writable (except manually but you had to fix permissions after each update).

Now I added new parameter to /etc/sysconfig/named called "DEBUG" (explained there) which controls /var/named permissions. /var/named is writable by named user only if named_write_master_zones boolean is set to 1. It seems someone set named_write_master_zones to 1 in the past and the init script sets it now to 0 because you don't have DEBUG parameter set to one.

I hope my explanation is enough, feel free to ask if not.
Comment 2 Eddie Lania 2009-08-20 12:31:19 EDT
I believe it is clear: I have to put the zone files that need to be writeable in the "dynamic" directory.

I do have a question however.

Do the zone files still have to be symlinked to /var/named?

regards,

Eddie.
Comment 3 Eddie Lania 2009-08-21 03:50:35 EDT
I adapted the named.conf according to the suggested solution so that all dynamic zone files are in /var/named/chroot/var/named/dynamic.

However, when  named is started teh selinux message is still being reported in the system log:

Aug 21 09:39:31 ls2ka named[16367]: starting BIND 9.6.1-P1-RedHat-9.6.1-4.P1.fc11 -u named -4 -t /var/named/chroot
Aug 21 09:39:31 ls2ka named[16367]: built with '--build=i386-redhat-linux-gnu' '--host=i386-redhat-linux-gnu' '--target=i586-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' 'build_alias=i386-redhat-linux-gnu' 'host_alias=i386-redhat-linux-gnu' 'target_alias=i586-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i586 -mtune=generic -fasynchronous-unwind-tables' 'CPPFLAGS= -DDIG_SIGCHASE'
Aug 21 09:39:31 ls2ka named[16367]: adjusted limit on open files from 1024 to 1048576
Aug 21 09:39:31 ls2ka named[16367]: found 4 CPUs, using 4 worker threads
Aug 21 09:39:31 ls2ka named[16367]: using up to 4096 sockets
Aug 21 09:39:31 ls2ka named[16367]: loading configuration from '/etc/named.conf'
Aug 21 09:39:31 ls2ka named[16367]: using default UDP/IPv4 port range: [1024, 65535]
Aug 21 09:39:31 ls2ka named[16367]: using default UDP/IPv6 port range: [1024, 65535]
Aug 21 09:39:31 ls2ka named[16367]: no IPv6 interfaces found
Aug 21 09:39:31 ls2ka named[16367]: listening on IPv4 interface lo, 127.0.0.1#53
Aug 21 09:39:31 ls2ka named[16367]: listening on IPv4 interface eth0, 192.168.168.3#53
Aug 21 09:39:31 ls2ka named[16367]: zone 'elton-intra.net' allows updates by IP address, which is insecure
Aug 21 09:39:31 ls2ka named[16367]: zone '168.168.192.in-addr.arpa' allows updates by IP address, which is insecure
Aug 21 09:39:31 ls2ka named[16367]: zone '_msdcs.elton-intra.net' allows updates by IP address, which is insecure
Aug 21 09:39:31 ls2ka named[16367]: zone '_sites.elton-intra.net' allows updates by IP address, which is insecure
Aug 21 09:39:31 ls2ka named[16367]: zone '_tcp.elton-intra.net' allows updates by IP address, which is insecure
Aug 21 09:39:31 ls2ka named[16367]: zone '_udp.elton-intra.net' allows updates by IP address, which is insecure
Aug 21 09:39:31 ls2ka named[16367]: automatic empty zone: 127.IN-ADDR.ARPA
Aug 21 09:39:31 ls2ka named[16367]: automatic empty zone: 254.169.IN-ADDR.ARPA
Aug 21 09:39:31 ls2ka named[16367]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Aug 21 09:39:31 ls2ka named[16367]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Aug 21 09:39:31 ls2ka named[16367]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Aug 21 09:39:31 ls2ka named[16367]: automatic empty zone: D.F.IP6.ARPA
Aug 21 09:39:31 ls2ka named[16367]: automatic empty zone: 8.E.F.IP6.ARPA
Aug 21 09:39:31 ls2ka named[16367]: automatic empty zone: 9.E.F.IP6.ARPA
Aug 21 09:39:31 ls2ka named[16367]: automatic empty zone: A.E.F.IP6.ARPA
Aug 21 09:39:31 ls2ka named[16367]: automatic empty zone: B.E.F.IP6.ARPA
Aug 21 09:39:31 ls2ka named[16367]: command channel listening on 127.0.0.1#953
Aug 21 09:39:31 ls2ka named[16367]: zone 0.in-addr.arpa/IN: NS '0.in-addr.arpa' has no address records (A or AAAA)
Aug 21 09:39:31 ls2ka named[16367]: zone 0.in-addr.arpa/IN: loaded serial 0
Aug 21 09:39:31 ls2ka named[16367]: zone 1.0.0.127.in-addr.arpa/IN: NS '1.0.0.127.in-addr.arpa' has no address records (A or AAAA)
Aug 21 09:39:31 ls2ka named[16367]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Aug 21 09:39:31 ls2ka named[16367]: zone 168.168.192.in-addr.arpa/IN: loaded serial 1997101887
Aug 21 09:39:31 ls2ka named[16367]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: NS '1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa' has no address records (A or AAAA)
Aug 21 09:39:31 ls2ka named[16367]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Aug 21 09:39:31 ls2ka named[16367]: zone localhost.localdomain/IN: loaded serial 0
Aug 21 09:39:31 ls2ka named[16367]: zone localhost/IN: loaded serial 0
Aug 21 09:39:31 ls2ka named[16367]: zone elton-intra.net/IN: loaded serial 60418
Aug 21 09:39:31 ls2ka named[16367]: zone _msdcs.elton-intra.net/IN: loaded serial 200110352
Aug 21 09:39:31 ls2ka named[16367]: zone _sites.elton-intra.net/IN: loaded serial 200110217
Aug 21 09:39:31 ls2ka named[16367]: zone _tcp.elton-intra.net/IN: loaded serial 200110215
Aug 21 09:39:31 ls2ka named[16367]: zone _udp.elton-intra.net/IN: loaded serial 200110198
Aug 21 09:39:31 ls2ka named[16367]: zone elton-intra.net/IN: sending notifies (serial 60418)
Aug 21 09:39:31 ls2ka named[16367]: zone _tcp.elton-intra.net/IN: sending notifies (serial 200110215)
Aug 21 09:39:31 ls2ka named[16367]: zone 168.168.192.in-addr.arpa/IN: sending notifies (serial 1997101887)
Aug 21 09:39:31 ls2ka named[16367]: zone _sites.elton-intra.net/IN: sending notifies (serial 200110217)
Aug 21 09:39:31 ls2ka named[16367]: zone _msdcs.elton-intra.net/IN: sending notifies (serial 200110352)
Aug 21 09:39:31 ls2ka named[16367]: zone _udp.elton-intra.net/IN: sending notifies (serial 200110198)
Aug 21 09:39:31 ls2ka named[16367]: running
Aug 21 09:39:33 ls2ka setroubleshoot: SELinux is preventing the named daemon from writing to the zone directory For complete SELinux messages. run sealert -l 36747901-f53e-4acb-a34d-6ce639da2f24
Aug 21 09:39:34 ls2ka dbus: avc:  received policyload notice (seqno=26)
Aug 21 09:39:34 ls2ka dbus: Can't send to audit system: USER_AVC avc:  received policyload notice (seqno=26)#012: exe="?" (sauid=81, hostname=?, addr=?, terminal=?)
Aug 21 09:39:34 ls2ka setsebool: The named_write_master_zones policy boolean was changed to 0 by root
Aug 21 09:39:34 ls2ka dbus: Reloaded configuration




Zone updates seem to work fine however:


Aug 21 09:45:22 ls2ka dhcpd: DHCPREQUEST for 192.168.168.201 from 00:1f:3c:35:09:a6 (t1800fros) via eth0
Aug 21 09:45:22 ls2ka dhcpd: DHCPACK on 192.168.168.201 to 00:1f:3c:35:09:a6 (t1800fros) via eth0
Aug 21 09:45:26 ls2ka named[16367]: client 192.168.168.201#64442: updating zone 'elton-intra.net/IN': deleting rrset at 't1800fros.elton-intra.net' A
Aug 21 09:45:26 ls2ka named[16367]: client 192.168.168.201#64442: updating zone 'elton-intra.net/IN': adding an RR at 't1800fros.elton-intra.net' A
Aug 21 09:47:02 ls2ka named[16367]: client 192.168.168.83#52573: updating zone 'elton-intra.net/IN': deleting rrset at 't2330eddie.elton-intra.net' AAAA
Aug 21 09:47:02 ls2ka named[16367]: client 192.168.168.83#52573: updating zone 'elton-intra.net/IN': deleting rrset at 't2330eddie.elton-intra.net' A
Aug 21 09:47:02 ls2ka named[16367]: client 192.168.168.83#52573: updating zone 'elton-intra.net/IN': adding an RR at 't2330eddie.elton-intra.net' A

I do not consider this to be solved, do you?

Regards,

Eddie.
Comment 4 Eddie Lania 2009-08-21 13:57:41 EDT
It is still going wrong here:

Aug 21 12:23:48 ls2ka setroubleshoot: SELinux is preventing the named daemon from writing to the zone directory For complete SELinux messages. run sealert -l 16a5ae5d-0e34-41f6-923f-c2ec7c7e52b0
Aug 21 12:23:48 ls2ka setroubleshoot: SELinux is preventing the named daemon from writing to the zone directory For complete SELinux messages. run sealert -l 16a5ae5d-0e34-41f6-923f-c2ec7c7e52b0
Aug 21 12:23:49 ls2ka setroubleshoot: SELinux is preventing the named daemon from writing to the zone directory For complete SELinux messages. run sealert -l 16a5ae5d-0e34-41f6-923f-c2ec7c7e52b0
Aug 21 12:23:49 ls2ka setroubleshoot: SELinux is preventing the named daemon from writing to the zone directory For complete SELinux messages. run sealert -l 16a5ae5d-0e34-41f6-923f-c2ec7c7e52b0
Aug 21 12:24:48 ls2ka dhcpd: DHCPINFORM from 192.168.168.90 via eth0
Aug 21 12:24:48 ls2ka dhcpd: DHCPACK to 192.168.168.90 (00:11:11:3b:2f:e2) via eth0
Aug 21 12:24:49 ls2ka named[23113]: client 192.168.168.90#65116: updating zone 'elton-intra.net/IN': deleting rrset at 'P3000SSoerdjbali.elton-intra.net' A
Aug 21 12:24:49 ls2ka named[23113]: client 192.168.168.90#65116: updating zone 'elton-intra.net/IN': adding an RR at 'P3000SSoerdjbali.elton-intra.net' A
Aug 21 12:29:27 ls2ka dhcpd: DHCPREQUEST for 192.168.168.246 from 00:90:27:78:d6:59 (PS78D659) via eth0
Aug 21 12:29:27 ls2ka dhcpd: DHCPACK on 192.168.168.246 to 00:90:27:78:d6:59 (PS78D659) via eth0
Aug 21 12:31:44 ls2ka clamd.scan[2280]: SelfCheck: Database status OK.
Aug 21 12:36:42 ls2ka setroubleshoot: SELinux is preventing the named daemon from writing to the zone directory For complete SELinux messages. run sealert -l 16a5ae5d-0e34-41f6-923f-c2ec7c7e52b0
Aug 21 12:36:42 ls2ka setroubleshoot: SELinux is preventing the named daemon from writing to the zone directory For complete SELinux messages. run sealert -l 16a5ae5d-0e34-41f6-923f-c2ec7c7e52b0
Aug 21 12:36:43 ls2ka setroubleshoot: SELinux is preventing the named daemon from writing to the zone directory For complete SELinux messages. run sealert -l 16a5ae5d-0e34-41f6-923f-c2ec7c7e52b0
Aug 21 12:36:43 ls2ka setroubleshoot: SELinux is preventing the named daemon from writing to the zone directory For complete SELinux messages. run sealert -l 16a5ae5d-0e34-41f6-923f-c2ec7c7e52b0
Aug 21 12:36:43 ls2ka setroubleshoot: SELinux is preventing the named daemon from writing to the zone directory For complete SELinux messages. run sealert -l 16a5ae5d-0e34-41f6-923f-c2ec7c7e52b0
Aug 21 12:36:43 ls2ka setroubleshoot: SELinux is preventing the named daemon from writing to the zone directory For complete SELinux messages. run sealert -l 16a5ae5d-0e34-41f6-923f-c2ec7c7e52b0
Aug 21 12:36:43 ls2ka setroubleshoot: SELinux is preventing the named daemon from writing to the zone directory For complete SELinux messages. run sealert -l 16a5ae5d-0e34-41f6-923f-c2ec7c7e52b0
Aug 21 12:36:44 ls2ka setroubleshoot: SELinux is preventing the named daemon from writing to the zone directory For complete SELinux messages. run sealert -l 16a5ae5d-0e34-41f6-923f-c2ec7c7e52b0
Aug 21 12:36:44 ls2ka setroubleshoot: SELinux is preventing the named daemon from writing to the zone directory For complete SELinux messages. run sealert -l 16a5ae5d-0e34-41f6-923f-c2ec7c7e52b0
Aug 21 13:31:47 ls2ka dhcpd: Wrote 110 leases to leases file.
Aug 21 13:31:47 ls2ka dhcpd: DHCPREQUEST for 192.168.168.212 from 00:04:75:c5:4f:01 (p2400edi) via eth0
Aug 21 13:31:47 ls2ka dhcpd: DHCPACK on 192.168.168.212 to 00:04:75:c5:4f:01 (p2400edi) via eth0
Aug 21 14:25:52 ls2ka dhcpd: DHCPREQUEST for 192.168.168.66 from 00:19:d1:87:47:8b (t2400jpostema) via eth0
Aug 21 14:25:52 ls2ka dhcpd: DHCPACK on 192.168.168.66 to 00:19:d1:87:47:8b (t2400jpostema) via eth0
Aug 21 14:25:55 ls2ka dhcpd: DHCPREQUEST for 192.168.168.66 from 00:19:d1:87:47:8b (t2400jpostema) via eth0
Aug 21 14:25:55 ls2ka dhcpd: DHCPACK on 192.168.168.66 to 00:19:d1:87:47:8b (t2400jpostema) via eth0
Aug 21 14:26:55 ls2ka named[23113]: client 192.168.168.66#55419: updating zone 'elton-intra.net/IN': deleting rrset at 't2400jpostema.elton-intra.net' A
Aug 21 14:26:55 ls2ka named[23113]: client 192.168.168.66#55419: updating zone 'elton-intra.net/IN': adding an RR at 't2400jpostema.elton-intra.net' A
Aug 21 14:26:59 ls2ka dhcpd: DHCPREQUEST for 192.168.168.244 from 00:90:27:78:d6:70 (PS78D670) via eth0
Aug 21 14:26:59 ls2ka dhcpd: DHCPACK on 192.168.168.244 to 00:90:27:78:d6:70 (PS78D670) via eth0
Aug 21 14:27:28 ls2ka dhcpd: DHCPINFORM from 192.168.168.66 via eth0
Aug 21 14:27:28 ls2ka dhcpd: DHCPACK to 192.168.168.66 (00:19:d1:87:47:8b) via eth0
Aug 21 14:29:39 ls2ka dhcpd: DHCPREQUEST for 192.168.168.201 from 00:1f:3c:35:09:a6 (t1800fros) via eth0
Aug 21 14:29:39 ls2ka dhcpd: DHCPACK on 192.168.168.201 to 00:1f:3c:35:09:a6 (t1800fros) via eth0
Aug 21 14:29:41 ls2ka named[23113]: client 192.168.168.201#57196: updating zone 'elton-intra.net/IN': deleting rrset at 't1800fros.elton-intra.net' A
Aug 21 14:29:41 ls2ka named[23113]: client 192.168.168.201#57196: updating zone 'elton-intra.net/IN': adding an RR at 't1800fros.elton-intra.net' A
Aug 21 14:32:59 ls2ka dhcpd: Wrote 110 leases to leases file.
Aug 21 14:32:59 ls2ka dhcpd: DHCPREQUEST for 192.168.168.201 from 00:1f:3c:35:09:a6 (t1800fros) via eth0
Aug 21 14:32:59 ls2ka dhcpd: DHCPACK on 192.168.168.201 to 00:1f:3c:35:09:a6 (t1800fros) via eth0
Aug 21 14:33:02 ls2ka named[23113]: client 192.168.168.201#64543: updating zone 'elton-intra.net/IN': deleting rrset at 't1800fros.elton-intra.net' A
Aug 21 14:33:02 ls2ka named[23113]: client 192.168.168.201#64543: updating zone 'elton-intra.net/IN': adding an RR at 't1800fros.elton-intra.net' A
Aug 21 14:34:15 ls2ka named[23113]: client 192.168.168.3#43232: updating zone 'elton-intra.net/IN': deleting an RR
Aug 21 14:34:15 ls2ka named[23113]: zone elton-intra.net/IN: sending notifies (serial 60419)
Aug 21 14:34:15 ls2ka dhcpd: if HP566F6D.elton-intra.net IN TXT "31863cb73b333d6eeac91dfff81f51ce1f" rrset exists and HP566F6D.elton-intra.net IN A 192.168.168.4 rrset exists delete HP566F6D.elton-intra.net IN A 192.168.168.4: success.
Aug 21 14:34:15 ls2ka named[23113]: client 192.168.168.3#36056: updating zone 'elton-intra.net/IN': deleting an RR
Aug 21 14:34:15 ls2ka dhcpd: if HP566F6D.elton-intra.net IN A rrset doesn't exist delete HP566F6D.elton-intra.net IN TXT "31863cb73b333d6eeac91dfff81f51ce1f": success.
Aug 21 14:34:15 ls2ka named[23113]: client 192.168.168.3#56134: updating zone '168.168.192.in-addr.arpa/IN': deleting rrset at '4.168.168.192.in-addr.arpa' PTR
Aug 21 14:34:15 ls2ka dhcpd: removed reverse map on 4.168.168.192.in-addr.arpa.
Aug 21 14:34:15 ls2ka named[23113]: zone 168.168.192.in-addr.arpa/IN: sending notifies (serial 1997101889)
Aug 21 14:34:15 ls2ka dhcpd: DHCPRELEASE of 192.168.168.4 from 00:21:5a:56:6f:6d (HP566F6D) via eth0 (found)
Aug 21 14:34:16 ls2ka setroubleshoot: SELinux is preventing the named daemon from writing to the zone directory For complete SELinux messages. run sealert -l 16a5ae5d-0e34-41f6-923f-c2ec7c7e52b0
Aug 21 14:34:17 ls2ka setroubleshoot: SELinux is preventing the named daemon from writing to the zone directory For complete SELinux messages. run sealert -l 16a5ae5d-0e34-41f6-923f-c2ec7c7e52b0
Aug 21 14:34:17 ls2ka setroubleshoot: SELinux is preventing the named daemon from writing to the zone directory For complete SELinux messages. run sealert -l 16a5ae5d-0e34-41f6-923f-c2ec7c7e52b0
Aug 21 14:34:17 ls2ka setroubleshoot: SELinux is preventing the named daemon from writing to the zone directory For complete SELinux messages. run sealert -l 16a5ae5d-0e34-41f6-923f-c2ec7c7e52b0
Aug 21 14:34:20 ls2ka named[23113]: zone elton-intra.net/IN: sending notifies (serial 60420)
Aug 21 14:34:59 ls2ka named[23113]: client 192.168.168.3#56914: updating zone '168.168.192.in-addr.arpa/IN': deleting rrset at '75.168.168.192.in-addr.arpa' PTR
Aug 21 14:34:59 ls2ka dhcpd: removed reverse map on 75.168.168.192.in-addr.arpa.
Aug 21 14:34:59 ls2ka named[23113]: zone 168.168.192.in-addr.arpa/IN: sending notifies (serial 1997101890)
Aug 21 14:36:24 ls2ka clamd.scan[2280]: SelfCheck: Database status OK.
Aug 21 14:46:21 ls2ka setroubleshoot: SELinux is preventing the named daemon from writing to the zone directory For complete SELinux messages. run sealert -l 16a5ae5d-0e34-41f6-923f-c2ec7c7e52b0
Aug 21 14:46:22 ls2ka setroubleshoot: SELinux is preventing the named daemon from writing to the zone directory For complete SELinux messages. run sealert -l 16a5ae5d-0e34-41f6-923f-c2ec7c7e52b0
Aug 21 14:46:22 ls2ka setroubleshoot: SELinux is preventing the named daemon from writing to the zone directory For complete SELinux messages. run sealert -l 16a5ae5d-0e34-41f6-923f-c2ec7c7e52b0
Aug 21 14:46:22 ls2ka setroubleshoot: SELinux is preventing the named daemon from writing to the zone directory For complete SELinux messages. run sealert -l 16a5ae5d-0e34-41f6-923f-c2ec7c7e52b0
Aug 21 14:46:23 ls2ka setroubleshoot: SELinux is preventing named (named_t) "remove_name" named_zone_t. For complete SELinux messages. run sealert -l 9bd0926c-b839-4020-a3b4-d2d7f639c8d7
Aug 21 14:46:23 ls2ka setroubleshoot: SELinux is preventing named (named_t) "remove_name" named_zone_t. For complete SELinux messages. run sealert -l 9bd0926c-b839-4020-a3b4-d2d7f639c8d7
Aug 21 14:46:23 ls2ka setroubleshoot: SELinux is preventing named (named_t) "remove_name" named_zone_t. For complete SELinux messages. run sealert -l 9bd0926c-b839-4020-a3b4-d2d7f639c8d7


What is wrong here? Do I need to remove the bind-chroot package?

I don't get it. Please help me.
Comment 5 Eddie Lania 2009-08-22 08:54:35 EDT
Please respond.
Comment 6 Adam Tkac 2009-08-27 06:42:07 EDT

*** This bug has been marked as a duplicate of bug 518749 ***

Note You need to log in before you can comment on or make changes to this bug.