Created attachment 494934
Selinux debug

Description of problem:
When trying to reload zones on a freshly configured bind name server, it appears that when a zone file is being downloaded from the master server, SELinux denies the write to the zones directory.

Version-Release number of selected component (if applicable):
bind version 9.7.0-p2-redhat-9.7.0-6.p2.e15
rhel 5.6
kernel 2.6.18-238.9.1.e15

How reproducible:
This appears to happen every time my master DNS server sends a notify to the secondary (slave) server and the secondary attempts to download the changed zone file.

Steps to Reproduce:
1. Change zone on primary server
2. Reload changed zone on primary
3. tail -f /var/log/messages

Actual results:
Zones are not transferred from the master.

Expected results:
Zone files should be written to my zones folder within /etc/named

Additional info:
SELinux is preventing named (named_t) "write" to ./zones (etc_t). I have already tried the suggested fix action that SELinux recommends and it doesn't appear to be working. This may be a bug. Both machines have been fully patched and are running the latest bind available. Please see attached debug output.
This looks like you have some files mislabelled?

# restorecon -R -v /var/named

You probably need to turn on the named_write_master_zones boolean also.

# setsebool -P named_write_master_zones 1
(In reply to comment #1)
> This looks like you have some files mislabelled?
>
> # restorecon -R -v /var/named
>
> You probably need to turn on the named_write_master_zones boolean also.
>
> # setsebool -P named_write_master_zones 1

I changed all of my zone file locations over to the /var/named folder and then issued the SELinux boolean command and all appears to be well. This is not a bug. Bind was trying to write to the etc directory when it should have been writing to the /var/named directory. This is not a bug, just a misunderstanding of SELinux and how bind works as a slave. Problem solved.

Thanks,
-Jon
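As an added example (not code from the report, from Red Hat or from BIND), the script below automates the two checks this thread boils down to: pulling the source type, permission and target type out of a setroubleshoot-style denial line like the one in the report, and scanning a named.conf for slave zones whose "file" sits outside /var/named, the tree SELinux labels named_zone_t. It assumes BIND 9 "type slave" / "file" syntax; the sample config, its zone names and the 192.0.2.1 master are constructed.

```shell
#!/bin/sh
# Added example, not part of the bug report. On a slave name server,
# zone transfers write the received zone to the "file" path, so that path
# must carry a type named_t may write (named_zone_t under /var/named).
# Anything under /etc is etc_t, which is exactly the denial reported here.

# parse_denial MESSAGE -> "SOURCE_TYPE PERM TARGET TARGET_TYPE"
parse_denial() {
    printf '%s\n' "$1" | sed -n \
        's/.*preventing [^ ]* (\([a-z_]*\)) "\([a-z_]*\)" to \(.*\) (\([a-z_]*\)).*/\1 \2 \3 \4/p'
}

# find_misplaced_slave_zones [ROOT]: reads named.conf on stdin and prints
# "ZONE FILE" for each slave zone whose file is outside ROOT (/var/named).
# Relative file names are resolved against options { directory "..."; }.
find_misplaced_slave_zones() {
    awk -v root="${1:-/var/named}" '
        # quoted(line, key): the "..." value that follows KEY, or "".
        function quoted(line, key,    s) {
            if (!match(line, key "[ \t]+\"")) return ""
            s = substr(line, RSTART + RLENGTH); sub(/".*/, "", s); return s
        }
        /^[ \t]*options[ \t]*[{]/     { inopt = 1 }
        inopt && /directory[ \t]+"/   { dir = quoted($0, "directory") }
        /^[ \t]*zone[ \t]+"/          { zone = quoted($0, "zone") }
        /type[ \t]+slave[ \t]*;/      { slave = 1 }
        slave && /[ \t]file[ \t]+"/ {
            f = quoted($0, "file")
            if (f !~ /^\//) f = dir "/" f
            if (index(f, root "/") != 1) print zone, f
        }
        # Track brace depth so per-statement state resets at each closing "};".
        { depth += split($0, o, "{") - split($0, c, "}")
          if (depth == 0) { zone = ""; slave = 0; inopt = 0 } }
    '
}

# Constructed sample input: the denial quoted in the report plus a small named.conf.
DENIAL='SELinux is preventing named (named_t) "write" to ./zones (etc_t)'
SAMPLE_CONF='options { directory "/var/named"; };
zone "example.com" { type slave; file "/etc/named/zones/example.com.zone"; masters { 192.0.2.1; }; };
zone "example.net" { type slave; file "slaves/example.net.zone"; masters { 192.0.2.1; }; };
zone "example.org" { type master; file "/etc/named/example.org.zone"; };'

parse_denial "$DENIAL"                                     # named_t write ./zones etc_t
printf '%s\n' "$SAMPLE_CONF" | find_misplaced_slave_zones  # example.com /etc/named/zones/example.com.zone
```

Only example.com is flagged: example.net resolves under the options directory and example.org is a master zone, which named only reads.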