/etc/init.d/named start
Iniciando named:
Error in named configuration:
zone default.domain/IN: loading from master file /home/admin/conf/dns/default.domain.db failed: permission denied
zone default.domain/IN: not loaded due to errors.
_default/default.domain/IN: permission denied
If I change SELinux to permissive mode (setenforce 0) => named starts.
OK, then I look at the denials:
Code:
# sealert -a /var/log/audit/audit.log
SELinux is preventing /usr/sbin/named-checkconf from read access on the archivo default.domain.db.
# ausearch -m avc -c named
----
time->Tue Jan 1 20:18:15 2013
type=SYSCALL msg=audit(1357082295.592:26312): arch=c000003e syscall=2 success=yes exit=3 a0=7fa1e3d1f018
a1=0 a2=1b6 a3=0 items=0 ppid=6128 pid=6133 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0
ses=1 comm="named-checkconf" exe="/usr/sbin/named-checkconf" subj=unconfined_u:system_r:named_t:s0 key=(null)
type=AVC msg=audit(1357082295.592:26312): avc: denied { open } for pid=6133 comm="named-checkconf" name="default.domain.db"
dev=dm-0 ino=8615 scontext=unconfined_u:system_r:named_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1357082295.592:26312): avc: denied { read } for pid=6133 comm="named-checkconf" name="default.domain.db"
dev=dm-0 ino=8615 scontext=unconfined_u:system_r:named_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
Then switch contexts:
Code:
# semanage fcontext -a -t named_zone_t '/home/admin/conf/dns(/.*)?'
# restorecon -F -R -v /home/admin/conf
# ls -dZ /home/admin/conf/dns/
drwxr-x--x. root root system_u:object_r:named_zone_t:s0 /home/admin/conf/dns/
# ls -Z /home/admin/conf/dns/
-rw-r-----. root named system_u:object_r:named_zone_t:s0
# setenforce 1
But the problem is the same.
The funny thing is that if I change to permissive mode and do:
Code:
# sealert -a /var/log/audit/audit.log
100% done
found 0 alerts in /var/log/audit/audit.log
# ausearch -m avc -c named
<not matches>
What is the problem?
---------- Post updated at 07:39 PM ---------- Previous update was at 06:38 PM ----------
OK, the problem was the context type of the directory that contains /dns. The proper context must be var_t:
Test 1:
chcon -t var_t /home/admin/conf
named does not start
Test 2:
chcon -t var_t /home/admin
named does not start
Test 3:
chcon -t var_t /home
named starts!!
Conclusion:
Zone database files must be located in the var directory, so that SELinux allows access.
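Added example, not part of the original post: a small shell/awk filter that condenses AVC records like the two quoted above into one line per command, source type, target type and object, so the type pairing in a denial (here named_t against user_home_t) can be read at a glance. The function name summarize_avc and the variable SAMPLE_AVC are hypothetical; the sample is the post's two AVC records rejoined onto single lines.

```shell
#!/bin/sh
# Constructed sample: the two AVC records from the post, one record per line.
SAMPLE_AVC='type=AVC msg=audit(1357082295.592:26312): avc: denied { open } for pid=6133 comm="named-checkconf" name="default.domain.db" dev=dm-0 ino=8615 scontext=unconfined_u:system_r:named_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1357082295.592:26312): avc: denied { read } for pid=6133 comm="named-checkconf" name="default.domain.db" dev=dm-0 ino=8615 scontext=unconfined_u:system_r:named_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file'

# Read audit records on stdin; print one line per distinct
# "command source_type -> target_type:class name=object" with merged permissions.
summarize_avc() {
    awk '
    # Return the value of key=value on the current record, quotes stripped.
    function val(key,    i, v) {
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) {
                v = substr($i, length(key) + 2)
                gsub(/"/, "", v)
                return v
            }
        return "?"
    }
    # Third field of user:role:type:level is the SELinux type.
    function setype(ctx,    p) { split(ctx, p, ":"); return p[3] }

    /avc: +denied/ {
        # Permissions are the words between the braces.
        perms = $0
        sub(/^[^{]*[{] */, "", perms)
        sub(/ *[}].*$/, "", perms)
        k = val("comm") " " setype(val("scontext")) " -> " \
            setype(val("tcontext")) ":" val("tclass") " name=" val("name")
        if (!(k in seen)) order[++n] = k
        np = split(perms, pw, " ")
        for (j = 1; j <= np; j++)
            if (index(" " seen[k] " ", " " pw[j] " ") == 0)
                seen[k] = (seen[k] == "" ? pw[j] : seen[k] " " pw[j])
    }
    END { for (i = 1; i <= n; i++) printf "%s { %s }\n", order[i], seen[order[i]] }
    '
}

# Run on the embedded sample so the script works offline.
printf '%s\n' "$SAMPLE_AVC" | summarize_avc
```

On a live system the same function can read the output of the `ausearch -m avc -c named` command used above; non-AVC lines are ignored.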
Hi,
in /etc/httpd/conf/httpd.conf
#DocumentRoot "/var/www/html"
DocumentRoot "/home/phpmy/html"
when I restarted httpd
# /etc/init.d/httpd restart
Stopping httpd:
Starting httpd: Syntax error on line 293 of /etc/httpd/conf/httpd.conf:... (0 Replies)
Situation: installed on Centos6.4 this samba4 package
samba4-4.0.1-4.centos6.1.x86_64 (which had the path /usr/share/samba4 /var/lock/samba4, etc.)
I use SELinux so I put in context
/var/lock/samba4 -d system_u:object_r:samba_var_t:s0
/var/lock/samba4/.* -- ... (3 Replies)
A problem with binding to local ports (22,23,80) in Fedora 13.
Ports look not used. sshd, webserver is not running.
I am using java remote connection manager. It is working fine with IE or Firefox in Windows with any user account.
With Fedora 13, it starts via Firefox with not root account and... (0 Replies)
Hi All,
Will someone kindly explain the below?
selinux
What is the effect of installing a server using this kickstart option as follows:
selinux --enforcing
and
selinux --disabled (1 Reply)
Hi all,
I've 2 Debian Etch (4) box used as ns1 and ns2 with BIND9. My domain name is something like this:
subdomain.domain.com
And I've 2 authorized DNS servers for the subdomain. I set this line in both of ns1 and ns2 (I.e. in ns1.subdomain.domain.com and ns2.subdomain.domain.com):
cw ... (1 Reply)
Hi ,
I am facing a strange with BIND in Fedora Core 6. Here is the config for more info.
#cat /etc/named.caching-nameserver.conf
options {
listen-on port 53 { any; };
directory "/var/named";
// dump-file "/var/named/data/cache_dump.db";
... (3 Replies)
I have a SQL statement that includes a UNION that I can't get to work when I bind the parameters. (I am binding the parameters to prevent SQL injection.)
Does anybody have any suggestion on how I can use a SQL statement that includes a UNION and bind the params?
Code would be something like... (1 Reply)
I am on a fedora core 2.6.9-1.677 i686
which is selinux enabled unlike the version I was on before .. which had to be manually enabled ..and if you knew nothing of the sort you were lost.. that was the case for me anyway! like i was saying ... now I am on a system that is enabled I have just... (1 Reply)