Summary: SELinux is preventing /usr/sbin/named "add_name" access on named.pid. Detailed Description: [SELinux is in permissive mode. This access was not denied.] SELinux denied access requested by named. It is not expected that this access is required by named and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:named_t:s0 Target Context system_u:object_r:default_t:s0 Target Objects named.pid [ dir ] Source named Source Path /usr/sbin/named Port <Unknown> Host (removed) Source RPM Packages bind-9.6.2-4.P2.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.32-116.fc12 Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.32.12-115.fc12.i686.PAE #1 SMP Fri Apr 30 20:14:08 UTC 2010 i686 athlon Alert Count 3 First Seen Fri 11 Jun 2010 12:36:28 AM IRDT Last Seen Fri 11 Jun 2010 12:36:28 AM IRDT Local ID 58e5f670-8479-40a2-8572-ce5a7a0ecbd9 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1276200388.429:12): avc: denied { add_name } for pid=1788 comm="named" name="named.pid" scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir node=(removed) type=AVC msg=audit(1276200388.429:12): avc: denied { create } for pid=1788 comm="named" name="named.pid" scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file node=(removed) type=AVC msg=audit(1276200388.429:12): avc: denied { write } for pid=1788 comm="named" name="named.pid" dev=sda5 ino=1572879 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1276200388.429:12): arch=40000003 syscall=5 success=yes exit=5 a0=d45105 a1=c1 a2=1a4 a3=d45105 items=0 ppid=1786 pid=1788 auid=4294967295 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=4294967295 comm="named" exe="/usr/sbin/named" subj=system_u:system_r:named_t:s0 key=(null) Hash String generated from catchall,named,named_t,default_t,dir,add_name audit2allow suggests: #============= named_t ============== allow named_t default_t:dir add_name; allow named_t default_t:file { write create };
*** This bug has been marked as a duplicate of bug 602992 ***