On 10-06-2022 10:52, Søren Andersen wrote:
> I've installed a fresh BIND on a RHEL 8.6 system with enforcing
> SELinux, and when I try to start BIND with the provided systemd unit
> file it just waits and times out, and also logs these errors in
> /var/log/message
>
> Jun 10 10:09:25 systemd[1]: isc-bind-named.service: Can't convert PID files /var/opt/isc/scls/isc-bind/run/named/named.pid O_PATH file descriptor to proper file descriptor: Permission denied
> Jun 10 10:09:25 systemd[1]: isc-bind-named.service: Can't convert PID files /var/opt/isc/scls/isc-bind/run/named/named.pid O_PATH file descriptor to proper file descriptor: Permission denied

What is the SELinux context of the directory where the PID files are
stored? In your case:

ls -Z /var/opt/isc/scls/isc-bind/run/named

It needs to be named_var_run_t for SELinux to allow named access to that
directory.

You may need to set this yourself using 'chcon', since your installation
is not using the default path that an installation from the package
manager would.

On 10-06-2022 12:53, Reindl Harald wrote:
> if it would be useful my "ExecReload=/usr/bin/kill -HUP $MAINPID"
> won't work for nearly 10 years without "PIDFile" (no i won't use and
> configure rndc - keep it simple)

That's a personal choice, but probably not the answer to the OP's
question. The shipped unit file for named on Fedora (and by extension
RHEL) makes use of PID files. I presume to cater for cases where rndc is
not being used.

-- Sandro
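
Added example, not part of the thread: a shell check that reads the type field from `ls -Zd` output for the PID directory and compares it with named_var_run_t. The sample `ls -Zd` lines are constructed, and the printed fix uses `semanage fcontext` plus `restorecon` (an assumption beyond the reply's `chcon`, chosen because a `chcon` label is lost on a filesystem relabel).

```shell
#!/usr/bin/env bash
PID_DIR="/var/opt/isc/scls/isc-bind/run/named"  # path from the quoted log lines
WANT_TYPE="named_var_run_t"                     # type named in the reply

# Print the type field of an SELinux context (user:role:type[:level]).
selinux_type() {
    printf '%s\n' "$1" | awk -F: 'NF >= 3 { print $3 }'
}

# Read one `ls -Zd` line on stdin and print its context column.
# Handles both "context path" and the older "mode user group context path".
context_from_ls() {
    awk '{ for (i = 1; i <= NF; i++)
             if ($i ~ /^[^:]+:[^:]+:[^:]+/) { print $i; exit } }'
}

# Return 0 if the given `ls -Zd` line carries the wanted type, else 1.
check_label() {
    local line="$1" want="${2:-$WANT_TYPE}" have
    have=$(selinux_type "$(printf '%s\n' "$line" | context_from_ls)")
    [ "$have" = "$want" ]
}

# Print commands that record the label in policy and then apply it.
print_fix() {
    printf "semanage fcontext -a -t %s '%s(/.*)?'\n" "$WANT_TYPE" "$1"
    printf "restorecon -Rv '%s'\n" "$1"
}

# Constructed sample lines standing in for: ls -Zd "$PID_DIR"
SAMPLE_BAD="unconfined_u:object_r:var_t:s0 $PID_DIR"
SAMPLE_GOOD="system_u:object_r:named_var_run_t:s0 $PID_DIR"

# On a live host, replace the samples with: line=$(ls -Zd "$PID_DIR")
for line in "$SAMPLE_BAD" "$SAMPLE_GOOD"; do
    if check_label "$line"; then
        echo "OK:    $line"
    else
        echo "WRONG: $line"
        print_fix "$PID_DIR"
    fi
done
```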