Hello,
On a fresh install the SELinux context is 'var_t', and if I change it to
'named_var_run_t' it works!
[root@ run]# ls -lZ
total 0
drwxrwx---. 2 named named system_u:object_r:var_t:s0 42 Jun 13 14:50 named
FYI:
I also tried to install the built-in named in RHEL-8, and their systemd unit
file looks like this. They are also using 'pidfile'.
[Unit]
Description=Berkeley Internet Name Domain (DNS)
Wants=nss-lookup.target
Wants=named-setup-rndc.service
Before=nss-lookup.target
After=named-setup-rndc.service
After=network.target
[Service]
Type=forking
Environment=NAMEDCONF=/etc/named.conf
EnvironmentFile=-/etc/sysconfig/named
Environment=KRB5_KTNAME=/etc/named.keytab
PIDFile=/run/named/named.pid
ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi'
ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS
ExecReload=/bin/sh -c 'if /usr/sbin/rndc null > /dev/null 2>&1; then /usr/sbin/rndc reload; else /bin/kill -HUP $MAINPID; fi'
ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'
PrivateTmp=true
[Install]
WantedBy=multi-user.target
Is anyone else using the ISC repo and having the same issue with the wrong
SELinux context?
________________________________
From: bind-users <[email protected]> on behalf of Sandro
<[email protected]>
Sent: Friday, 10 June 2022 17.45
To: [email protected] <[email protected]>
Subject: Re: Unable to start Bind on a fresh RHEL 8.6 system with enforcing
SELinux
On 10-06-2022 17:21, Reindl Harald wrote:
My apologies if I offended you.
> seriously - about what magic are you talking?
> do you even know what a pidfile is?
>
> it's a simple textfile where the process writes its PID
> and PIDFile forces systemd to read that file and use the content as
> "Main PID"
Yes, I am aware of what a pidfile is.
So, above would underline my analysis that systemd was not able to read
the pidfile. Possible causes:
1. Configuration issue: named did not write the pidfile to the file
indicated in the unit file by PIDFile
2. SELinux issue: named was not able to write the pidfile, because
SELinux denied access.
> the whole point of my responses was the upstream should reconsider to
> use the option because it's proven to be useless no matter what some
> outdated manpage says
I cannot comment on the man page being up to date. But I already agreed
with your point of view, that PIDFile in case of named has become obsolete.
So, I think we are on the same page here.
-- Sandro
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users
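
An added example, not part of the thread or of ISC's or Red Hat's packaging: a shell check for the label mismatch reported in the first message, run here on the `ls -lZ` listing quoted there. The function names are hypothetical, and the expected type `named_var_run_t` is an assumption taken from the poster's report of what worked.

```shell
#!/bin/sh
# Added example, not from the thread. EXPECTED_TYPE is the type the poster
# reported as working; adjust it if your policy labels the directory differently.
EXPECTED_TYPE="named_var_run_t"

# line_type LINE: print the SELinux type from one line of `ls -lZ` output.
# A context is user:role:type:level, and the level may itself contain colons.
line_type() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++) {
            n = split($i, part, ":")
            if (n >= 4 && part[1] ~ /_u$/ && part[2] ~ /_r$/) { print part[3]; exit }
        }
    }'
}

# check_type TYPE: 0 = expected type, 1 = different type, 2 = no type found.
check_type() {
    if [ -z "$1" ]; then
        echo "no SELinux context found"
        return 2
    fi
    if [ "$1" = "$EXPECTED_TYPE" ]; then
        echo "ok: $1"
        return 0
    fi
    echo "mismatch: $1 (expected $EXPECTED_TYPE)"
    return 1
}

# check_listing: read `ls -lZ` output on stdin and report each labelled entry.
# Returns 1 if any entry carries an unexpected type.
check_listing() {
    rc=0
    while IFS= read -r line; do
        t=$(line_type "$line")
        [ -n "$t" ] || continue        # skips "total 0" and other unlabelled lines
        printf '%s: ' "${line##* }"    # last word of the line is the entry name
        check_type "$t" || rc=1
    done
    return $rc
}

# The listing quoted in the first message of this thread.
check_listing <<'EOF' || true
total 0
drwxrwx---. 2 named named system_u:object_r:var_t:s0 42 Jun 13 14:50 named
EOF
```

On a live host the same check can be fed with `ls -ldZ /run/named | check_listing`.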