Description of problem:
Trying to run unbound causes SELinux alerts which can be worked around by the following commands:
# semanage port -a -t dns_port_t -p tcp 8953
# grep unbound /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Version-Release number of selected component (if applicable):
Install unbound and try to run it using:
# systemctl start unbound.service
I'm seeing this too, in Fedora 14.
unbound has no SELinux policies yet. I hope to add these soon.
*** Bug 747972 has been marked as a duplicate of this bug. ***
Added port 8953 to dns_port_t by default in F16
I've solved it by disabling the remote control.
# Remote control config section.
# Enable remote control with unbound-control(8) here.
# set up the keys and certificates with unbound-control-setup.
# Note: required for unbound-munin package
I propose to change the default config of the package to solve this issue. What do you think about it?
Bad idea to "solve" the problem by changing the default config.
That just means it will break when the remote-control option is enabled.
Fixing the policy is the correct route. Shame it's only in Fedora, not RHEL6.2 !! :)
This was fixed in the last few weeks with updates to the selinux-policy package. Please try with the latest (or perhaps the latest from updates-testing at this point) and let me know if you still see any problems.
Thanks to Dan Walsh for fixing this with me!
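Added example, not part of the original report or of the unbound or selinux-policy packages: a shell function that summarizes which denials the "grep unbound /var/log/audit/audit.log | audit2allow -M mypol" workaround would turn into allow rules, so they can be reviewed before running semodule -i. The audit records are constructed, and the named_t source domain and the non-port denials in them are assumptions for illustration.

```shell
#!/bin/sh
# Constructed audit.log sample (not from the bug report). The named_t domain,
# the resolv.conf denial and the logrotate record are illustrative assumptions.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1320000000.101:501): avc:  denied  { name_bind } for  pid=2101 comm="unbound" src=8953 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1320000005.202:502): avc:  denied  { name_bind } for  pid=2140 comm="unbound" src=8953 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1320000009.303:503): avc:  denied  { write } for  pid=2140 comm="unbound" name="resolv.conf" dev=dm-0 ino=1234 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
type=AVC msg=audit(1320000011.404:504): avc:  denied  { getattr } for  pid=900 comm="logrotate" path="/var/log/unbound.log" dev=dm-0 ino=99 scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
EOF
}

# Summarize AVC denials for one process name (matched on comm="...", which is
# stricter than a plain "grep unbound" that also matches paths and filenames).
# Reads audit records on stdin; prints "count tclass permission target_type port".
summarize_denials() {
    awk -v comm="$1" '
    /type=AVC/ && /denied/ && index($0, "comm=\"" comm "\"") {
        # Permission list sits between "{ " and " }".
        perm = $0; sub(/^.*[{] /, "", perm); sub(/ [}].*$/, "", perm)
        port = "-"; ttype = ""; tclass = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^src=/)      port = substr($i, 5)
            if ($i ~ /^tcontext=/) { split(substr($i, 10), c, ":"); ttype = c[3] }
            if ($i ~ /^tclass=/)   tclass = substr($i, 8)
        }
        count[tclass " " perm " " ttype " " port]++
    }
    END { for (k in count) print count[k], k }' | sort
}

# Stand-alone run: show what a generated module would be built from.
sample_audit_log | summarize_denials unbound
```

On a real system, feed it /var/log/audit/audit.log instead of the sample; any row other than the name_bind on port 8953 is a denial the generated mypol module would also allow.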