On Mon, 2005-12-12 at 10:30 -0700, Lamont R. Peterson wrote:
On Monday 12 December 2005 05:55am, Craig White wrote:
> from /var/log/messages
>
> Dec 12 05:11:48 srv1 named[18083]: /var/named/clsurvey.com.hosts.jnl:
> create: permission denied
Have you flipped the named_write_master_zones boolean?
----
I haven't done anything other than create the entries that I listed in
local.te and reload the policy. How do I 'flip' the
named_write_master_zones boolean?
----
> Dec 12 05:11:48 srv1 kernel: audit(1134389508.478:0): avc: denied
> { add_name } for pid=18084 comm=named name=clsurvey.com.hosts.jnl
> scontext=root:system_r:named_t tcontext=system_u:object_r:named_zone_t
> tclass=dir
>
> Dec 12 05:11:48 srv1 named[18083]: client 192.168.1.1#33259: updating
> zone 'clsurvey.com/IN': error: journal open failed: unexpected error
>
> I have added to /etc/selinux/targeted/src/policy/domains/local.te
> allow named_t named_zone_t:dir write;
>
> and then make reload but the problem doesn't go away.
>
> Suggestions?
>
> Thanks
HTH.
----
It just pointed out another of the infinite things I don't understand.
Thanks
Craig
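
An added example (not part of the thread, and not code from either poster): a small Python check, with hypothetical function names, that compares the AVC denial quoted above with the rule added to local.te and reports which permission is still not granted. The log line and rule are copied from the message and joined onto single lines.

```python
import re

# Sample input constructed from the log line and local.te rule quoted in the thread.
AVC = ("audit(1134389508.478:0): avc: denied { add_name } for pid=18084 "
       "comm=named name=clsurvey.com.hosts.jnl scontext=root:system_r:named_t "
       "tcontext=system_u:object_r:named_zone_t tclass=dir")
LOCAL_TE = "allow named_t named_zone_t:dir write;"

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{([^}]*)\}.*?scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)")
ALLOW_RE = re.compile(r"allow\s+(\S+)\s+(\S+?):(\S+)\s+(\{[^}]*\}|\S+?)\s*;")

def parse_avc(line):
    """Return (source_type, target_type, class, {perms}) for one AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        raise ValueError("not an AVC denial")
    perms, scon, tcon, tclass = m.groups()
    # A context is user:role:type[:level]; the type is the third field.
    return scon.split(":")[2], tcon.split(":")[2], tclass, set(perms.split())

def parse_allows(policy_text):
    """Map (source, target, class) to the set of permissions the rules grant."""
    granted = {}
    for src, tgt, cls, perms in ALLOW_RE.findall(policy_text):
        granted.setdefault((src, tgt, cls), set()).update(perms.strip("{}").split())
    return granted

def still_denied(avc_line, policy_text):
    """Permissions named in the denial that no allow rule in policy_text covers."""
    src, tgt, cls, wanted = parse_avc(avc_line)
    return wanted - parse_allows(policy_text).get((src, tgt, cls), set())

def suggest_rule(avc_line, policy_text):
    """Allow rule for the uncovered permissions, or None if all are covered."""
    src, tgt, cls, _ = parse_avc(avc_line)
    missing = sorted(still_denied(avc_line, policy_text))
    if not missing:
        return None
    body = missing[0] if len(missing) == 1 else "{ " + " ".join(missing) + " }"
    return f"allow {src} {tgt}:{cls} {body};"

if __name__ == "__main__":
    print("still denied:", still_denied(AVC, LOCAL_TE))
    print("rule for this denial:", suggest_rule(AVC, LOCAL_TE))
```

This only accounts for the single denial shown in the log. On a live system the boolean named in the reply is read with `getsebool named_write_master_zones` and set persistently with `setsebool -P named_write_master_zones 1`.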