BIND named unable to write log files due to SELinux

Solution Verified - Updated -

Issue

  • BIND named is not writing logs to the configured locations unless SELinux is in permissive mode (setenforce 0) when I start it

  • By default, should SELinux allow named to write to its own log file? I'm seeing this report from setroubleshoot:

    SELinux is preventing /usr/sbin/named from append access on the file /var/named/logs/named.log.
    ...
    Additional Information:
    Source Context                system_u:system_r:named_t:s0
    Target Context                system_u:object_r:named_zone_t:s0
    Target Objects                /var/named/logs/named.log [ file ]
    Source                        named
    Source Path                   /usr/sbin/named
    ...
    Raw Audit Messages
    type=AVC msg=audit(1445536202.809:97592): avc:  denied  { append } for  pid=1908 comm="named" name="named.log" dev="dm-0" ino=1504013 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=file
    
    type=SYSCALL msg=audit(1445536202.809:97592): arch=x86_64 syscall=open success=yes exit=ECHILD a0=7f8512462240 a1=441 a2=1b6 a3=fffffffffffffd49 items=0 ppid=1 pid=1908 auid=4294967295 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=4294967295 comm=named exe=/usr/sbin/named subj=system_u:system_r:named_t:s0 key=(null)
    

Environment

  • Red Hat Enterprise Linux
  • named / BIND
