BIND named unable to write log files due to SELinux
Issue
- BIND named is not writing logs to the configured locations unless SELinux is in permissive mode (setenforce 0) when I start it
- By default, should SELinux allow named to write to its own log file? I'm seeing this report from setroubleshoot:
    SELinux is preventing /usr/sbin/named from append access on the file /var/named/logs/named.log.
    ...
    Additional Information:
    Source Context                system_u:system_r:named_t:s0
    Target Context                system_u:object_r:named_zone_t:s0
    Target Objects                /var/named/logs/named.log [ file ]
    Source                        named
    Source Path                   /usr/sbin/named
    ...
    Raw Audit Messages
    type=AVC msg=audit(1445536202.809:97592): avc: denied { append } for pid=1908 comm="named" name="named.log" dev="dm-0" ino=1504013 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=file
    type=SYSCALL msg=audit(1445536202.809:97592): arch=x86_64 syscall=open success=yes exit=ECHILD a0=7f8512462240 a1=441 a2=1b6 a3=fffffffffffffd49 items=0 ppid=1 pid=1908 auid=4294967295 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=4294967295 comm=named exe=/usr/sbin/named subj=system_u:system_r:named_t:s0 key=(null)
Environment
- Red Hat Enterprise Linux
- named / BIND
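
Added example (not part of the original article and not Red Hat's code): a Python sketch that groups the two raw audit records from the report by audit event id and pulls out the denied permission, the source domain, the target file type and the open() flags. The record text is copied from the report with the SYSCALL record shortened; the function names and the flag table are choices made for this example.

```python
import re

# Records copied from the setroubleshoot report on this page
# (SYSCALL record shortened to the fields used below).
SAMPLE = """\
type=AVC msg=audit(1445536202.809:97592): avc: denied { append } for pid=1908 comm="named" name="named.log" dev="dm-0" ino=1504013 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=file
type=SYSCALL msg=audit(1445536202.809:97592): arch=x86_64 syscall=open success=yes exit=ECHILD a0=7f8512462240 a1=441 a2=1b6 comm=named exe=/usr/sbin/named subj=system_u:system_r:named_t:s0
"""

HEADER = re.compile(r"type=(\w+) msg=audit\(([\d.]+:\d+)\):\s*(.*)")
PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Linux x86_64 open(2) flag bits from <fcntl.h>; only the ones needed here.
OPEN_FLAGS = {0o1: "O_WRONLY", 0o2: "O_RDWR", 0o100: "O_CREAT",
              0o1000: "O_TRUNC", 0o2000: "O_APPEND"}

def parse_events(text):
    """Group audit records by event id: {event_id: {record_type: fields}}."""
    events = {}
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # not an audit record (report headings, blank lines)
        rtype, event_id, body = m.groups()
        fields = {k: v.strip('"') for k, v in KV.findall(body)}
        if rtype == "AVC":
            p = PERMS.search(body)
            fields["perms"] = p.group(1).split() if p else []
        events.setdefault(event_id, {})[rtype] = fields
    return events

def summarize(event):
    """Reduce one AVC event (plus its SYSCALL record, if any) to the triage facts."""
    avc, sc = event["AVC"], event.get("SYSCALL", {})
    # a1 is the hex flags argument of open(); decode it only for that syscall.
    flags = int(sc["a1"], 16) if sc.get("syscall") == "open" and "a1" in sc else 0
    return {
        "domain": avc["scontext"].split(":")[2],       # type of the process
        "target_type": avc["tcontext"].split(":")[2],  # type of the file
        "tclass": avc["tclass"],
        "perms": avc["perms"],
        "open_flags": [n for bit, n in OPEN_FLAGS.items() if flags & bit],
        # A logged denial whose syscall still succeeded is consistent with
        # a capture taken while SELinux was permissive (assumption).
        "syscall_succeeded": sc.get("success") == "yes",
    }

if __name__ == "__main__":
    for event_id, event in parse_events(SAMPLE).items():
        print(event_id, summarize(event))
```

For the report above this shows named_t being denied append on a file labeled named_zone_t, opened with O_WRONLY, O_CREAT and O_APPEND.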
