LinuxQuestions.org


abhijit_mohanta 08-31-2009 08:16 AM

not able to start bind:SELinux is preventing the named daemon from writing to the zon
 
I am getting the following error when I start bind:
SELinux is preventing the named daemon from writing to the zone directory

I have done all configurations in bind according to the following link
Fedora version 9
Hopefully it can be solved by audit2allow.

command: audit2allow -i /var/log/audit/audit.log -l

output:
#============= named_t ==============
allow named_t named_zone_t:dir write;


Can anybody help?

kdelover 08-31-2009 08:37 AM

I am not so good with SELinux :) All I know is to put SELinux in permissive mode rather than having it in enforcing or disabled mode.

Do getsebool and see what mode it is in, and then do a setsebool 0

abhijit_mohanta 08-31-2009 08:40 AM

Can you please tell me how to put SELinux in permissive mode?

markotitel 08-31-2009 08:46 AM

You can try this
Quote:

system-config-securitylevel-tui
and then set it up

kdelover 08-31-2009 09:08 AM

setsebool 0. Do a man setsebool.

unSpawn 09-01-2009 06:03 PM

Quote:

Originally Posted by kdelover (Post 3663851)
I am not so good with SELinux :) All I know is to put SELinux in permissive mode rather than having it in enforcing or disabled mode.

Disabling SELinux is not the preferred way of dealing with issues. Rather than taking the easy way out, comfortably learning nothing in the process, you could try to understand what the error is about and how to correct it.


Quote:

Originally Posted by abhijit_mohanta (Post 3663830)
Code:

#============= named_t ==============
allow named_t named_zone_t:dir write;


This would make sense if the Fedora SELinux BIND policy didn't already allow named_t to write to named_zone_t. Odd. See if there are any inactive booleans. Run 'getsebool -a|grep named'. If you like Fedora you should keep up with the release schedule (11 is current now) or choose a distribution with a less demanding update schedule, because Fedora 9 is outdated and no longer maintained (if you didn't know).
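The boolean check suggested in the post above, as an added shell example that is not part of the thread: it reduces AVC denials to unique tuples and lists booleans that are off and share the denied domain's name prefix, so they can be reviewed before any custom allow rule is written. The audit records and `getsebool -a` output are constructed samples, the function names are hypothetical, and matching booleans by name prefix is a heuristic assumption.

```shell
#!/bin/sh
# Added example: review related booleans before writing a custom allow rule.

sample_avc() {   # constructed audit.log records, not taken from the thread
cat <<'EOF'
type=AVC msg=audit(1251724560.101:45): avc:  denied  { write } for  pid=2345 comm="named" name="named" dev=dm-0 ino=1311 scontext=unconfined_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=dir
type=AVC msg=audit(1251724561.202:46): avc:  denied  { write } for  pid=2345 comm="named" name="named" dev=dm-0 ino=1311 scontext=unconfined_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=dir
type=SYSCALL msg=audit(1251724561.202:46): arch=c000003e syscall=2 success=no exit=-13 comm="named"
EOF
}

sample_bools() { # constructed `getsebool -a` output
cat <<'EOF'
named_write_master_zones --> off
httpd_enable_cgi --> on
httpd_can_network_connect --> off
EOF
}

# stdin: audit records. stdout: unique "source_type target_type class perms".
summarize_avc() {
  sed -n 's/.*avc: *denied *{ *\([^}]*[^} ]\) *} .*scontext=[^:]*:[^:]*:\([^: ]*\).*tcontext=[^:]*:[^:]*:\([^: ]*\).*tclass=\([a-z_0-9]*\).*/\2 \3 \4 \1/p' | sort -u
}

# $1: file with summarize_avc output, $2: file with `getsebool -a` output.
# Prints "domain boolean" for every boolean that is off and whose name starts
# with the domain name minus "_t" (name-prefix matching is a heuristic).
off_booleans_for() {
  awk 'FILENAME == ARGV[1] { dom[$1] = 1; next }
       $3 == "off" {
         for (d in dom) {
           p = d; sub(/_t$/, "", p)
           if (index($1, p "_") == 1) print d, $1
         }
       }' "$1" "$2" | sort -u
}

demo() {
  tmp=$(mktemp -d) || return 1
  sample_avc | summarize_avc > "$tmp/avc"
  sample_bools > "$tmp/bools"
  echo "Denials:"; cat "$tmp/avc"
  echo "Booleans to review:"; off_booleans_for "$tmp/avc" "$tmp/bools"
  rm -rf "$tmp"
}
demo
```

On a live system, feed `summarize_avc` from `/var/log/audit/audit.log` and give `off_booleans_for` the saved output of `getsebool -a`. A listed boolean is a candidate to read up on, not an automatic fix.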


All times are GMT -5.