I discovered that my logging somewhat failed:
1) I tried to use the link provided to submit a Bugzilla and apparently it brought up bluefish and within asks for my account name and password, and I tried to save this file but in doing so it failed to backup the file, so I clicked "continue" and it froze up. What am I doing wrong?
2) The specific selinux error is as follows:
=============================================
Summary:
SELinux is preventing named (named_t) "write" to ./named (named_conf_t).
Detailed Description:
SELinux denied access requested by named. It is not expected that this access is required by named and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Allowing Access:
Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for ./named,
restorecon -v './named'
If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
Additional Information:
Source Context                system_u:system_r:named_t:s0
Target Context                system_u:object_r:named_conf_t:s0
Target Objects                ./named [ dir ]
Source                        named
Source Path                   /usr/sbin/named
Port                          <Unknown>
Host                          gold.cdkkt.com
Source RPM Packages           bind-9.5.0-27.rc1.fc8
Target RPM Packages
Policy RPM                    selinux-policy-3.0.8-109.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     gold.cdkkt.com
Platform                      Linux gold.cdkkt.com 2.6.25.4-10.fc8 #1 SMP Thu May 22 23:34:09 EDT 2008 i686 i686
Alert Count                   3
First Seen                    Tue 10 Jun 2008 07:38:58 AM PDT
Last Seen                     Tue 10 Jun 2008 07:52:54 AM PDT
Local ID                      616a532f-b429-435d-bf97-e1d8427cc638
Line Numbers
Raw Audit Messages
host=gold.cdkkt.com type=AVC msg=audit(1213109574.740:334): avc: denied { write } for pid=10160 comm="named" name="named" dev=sdb5 ino=2622969 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_conf_t:s0 tclass=dir
host=gold.cdkkt.com type=SYSCALL msg=audit(1213109574.740:334): arch=40000003 syscall=38 success=no exit=-13 a0=b543b4e8 a1=b7ea5ad2 a2=470214 a3=b7ea5ad2 items=0 ppid=10158 pid=10160 auid=500 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=1 comm="named" exe="/usr/sbin/named" subj=system_u:system_r:named_t:s0 key=(null)
Thanks! Dan
On Tuesday 10 June 2008 08:00:25 am Daniel B. Thurman wrote:
I discovered that my logging somewhat failed:
- I tried to use the link provided to submit a Bugzilla and apparently it brought up bluefish and within asks for my account name and password, and I tried to save this file but in doing so it failed to backup the file, so I clicked "continue" and it froze up. What am I doing wrong?
- The specific selinux error is as follows:
[snipped!]
I solved (2) above. Apparently restorecon incorrectly set the named directory to the wrong context (named_conf_t) so I had to manually set it to named_log_t.
As for (1) above, I would still like to know how to get the bugzilla part working, but it is not a high priority for me at this time.
Thanks- Dan
Dan Thurman wrote:
On Tuesday 10 June 2008 08:00:25 am Daniel B. Thurman wrote:
I discovered that my logging somewhat failed:
- I tried to use the link provided to submit a Bugzilla and apparently it brought up bluefish and within asks for my account name and password, and I tried to save this file but in doing so it failed to backup the file, so I clicked "continue" and it froze up. What am I doing wrong?
- The specific selinux error is as follows:
[snipped!]
I solved (2) above. Apparently restorecon incorrectly set the named directory to the wrong context (named_conf_t) so I had to manually set it to named_log_t.
As for (1) above, I would still like to know how to get the bugzilla part working, but it is not a high priority for me at this time.
Thanks- Dan
What directory is named trying to write to?
If you are trying to have named update zone files, do you have the named_write_master_zones boolean turned on?
setsebool -P named_write_master_zones=1
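Added example, not part of the original thread: a small Python parser for the raw audit messages in the report above, pairing the AVC and SYSCALL records by event serial to pull out the source domain, the target type, the object class and the denied permission. The function names are hypothetical; the two sample records are copied from the report.

```python
import errno
import re

# Two raw audit records copied from the report earlier in this thread.
RAW = '''host=gold.cdkkt.com type=AVC msg=audit(1213109574.740:334): avc: denied { write } for pid=10160 comm="named" name="named" dev=sdb5 ino=2622969 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_conf_t:s0 tclass=dir
host=gold.cdkkt.com type=SYSCALL msg=audit(1213109574.740:334): arch=40000003 syscall=38 success=no exit=-13 a0=b543b4e8 a1=b7ea5ad2 a2=470214 a3=b7ea5ad2 items=0 ppid=10158 pid=10160 auid=500 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=1 comm="named" exe="/usr/sbin/named" subj=system_u:system_r:named_t:s0 key=(null)'''

HEADER = re.compile(r'type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):')
PERMS = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}')
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_records(text):
    """Group audit records by event serial so each AVC sits with its SYSCALL."""
    events = {}
    for line in text.splitlines():
        m = HEADER.search(line)
        if not m:
            continue  # not an audit record
        rtype, _timestamp, serial = m.groups()
        fields = {k: v.strip('"') for k, v in KV.findall(line[m.end():])}
        if rtype == 'AVC':
            p = PERMS.search(line)
            if p:
                fields['result'] = p.group(1)
                fields['perms'] = p.group(2).split()
        events.setdefault(serial, {})[rtype] = fields
    return events

def summarize(event):
    """Reduce one event to who was denied what, on which type and object class."""
    avc, sc = event['AVC'], event.get('SYSCALL', {})
    code = -int(sc['exit']) if sc.get('success') == 'no' else 0
    return {
        'source_type': avc['scontext'].split(':')[2],  # user:role:type:level
        'target_type': avc['tcontext'].split(':')[2],
        'tclass': avc['tclass'],
        'perms': avc['perms'],
        'object': avc.get('name'),
        'exe': sc.get('exe'),
        'errno': errno.errorcode.get(code),  # exit=-13 maps to EACCES
    }

if __name__ == '__main__':
    for serial, ev in parse_records(RAW).items():
        if 'AVC' in ev:
            print(serial, summarize(ev))
```

The `target_type` field is the label to compare against what the directory is meant to hold, which is the mismatch identified in the follow-up message (named_conf_t on a directory used for logging).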