not able to start bind:SELinux is preventing the named daemon from writing to the zon

abhijit_mohanta · 08-31-2009, 07:16 AM

I am getting the following error when i start bind
SELinux is preventing the named daemon from writing to the zone directory

I have done all configurations in bind according to following link
fedora version 9
hopefully can be solved by audit2allow.

command:audit2allow -i /var/log/audit/audit.log -l

output:
#============= named_t ==============
allow named_t named_zone_t:dir write;

Can anybody help?

kdelover · 08-31-2009, 07:37 AM

am not so good with selinux

all i know is put selinux in permissive mode rather than having it in enforcing or disabled mode.

do getsebool and see what mode it is in and then do a setsebool 0

abhijit_mohanta · 08-31-2009, 07:40 AM

can u plz tell me how to put selinux in permissive mode

markotitel · 08-31-2009, 07:46 AM

You can try this

Quote:

system-config-securitylevel-tui

and then set it up

kdelover · 08-31-2009, 08:08 AM

setsebool 0 do a man setsebool.

unSpawn · 09-01-2009, 05:03 PM

Quote:

Originally Posted by kdelover

am not so good with selinux

all i know is put selinux in permissive mode rather than having it in enforcing or disabled mode.

Disabling SELinux is not the preferred way of dealing with issues. Rather than taking the easy way out, comfortably learning nothing in the process, you could try to understand what the error is about and how to correct it.

Quote:

Originally Posted by abhijit_mohanta

Code:

#============= named_t ==============
allow named_t named_zone_t:dir write;

This would make sense if the Fedora SELinux BIND policy didn't already allow named_t to write to named_zone_t. Odd. See if there's any inactive booleans? Run 'getsebool -a|grep named'. If you like Fedora you should keep up with the release schedule (11 is current now) or choose a distribution with a less demanding update schedule because Fedora 9 is outdated and no longer maintained (if you didn't know).