Robert Moskowitz
2017-Feb-09 21:36 UTC
[CentOS] Centos7 - SELinux messing with my named.conf
Well, actually it is me cp-ing files and SELinux yelling at me later... I had named working, but detected that I had a couple clean ups to do in /etc/named.conf and an include file in /etc/named. I made the changes, scp to my user id from my notebook, 'su' in my ssh session and cp the named.conf and other files. Made sure to fix the file ownership with chown root:named, and that permissions were correct. Then restarted named. Of course if failed. After a little playing and digging around I find: # journalctl -xe -- -- Unit named-setup-rndc.service has finished starting up. -- -- The start-up result is done. Feb 09 16:27:41 rigel.htt-consult.com systemd[1]: Starting Berkeley Internet Nam -- Subject: Unit named.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit named.service has begun starting up. Feb 09 16:27:41 rigel.htt-consult.com bash[3082]: open: /etc/named.conf: permiss Feb 09 16:27:41 rigel.htt-consult.com systemd[1]: named.service: control process Feb 09 16:27:41 rigel.htt-consult.com systemd[1]: Failed to start Berkeley Inter -- Subject: Unit named.service has failed -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit named.service has failed. -- -- The result is failed. Feb 09 16:27:41 rigel.htt-consult.com systemd[1]: Unit named.service entered fai Feb 09 16:27:41 rigel.htt-consult.com systemd[1]: named.service failed. Feb 09 16:27:41 rigel.htt-consult.com polkitd[567]: Unregistered Authentication setenforce 0 and named starts right up, indicating it IS a SELinux issue. So what SELinux magic do I need here and were is it documented? thanks
Gordon Messmer
2017-Feb-09 21:51 UTC
[CentOS] Centos7 - SELinux messing with my named.conf
On 02/09/2017 01:36 PM, Robert Moskowitz wrote:> So what SELinux magic do I need hererestorecon /etc/named.conf
Robert Moskowitz
2017-Feb-09 22:04 UTC
[CentOS] Centos7 - SELinux messing with my named.conf
On 02/09/2017 04:51 PM, Gordon Messmer wrote:> On 02/09/2017 01:36 PM, Robert Moskowitz wrote: >> So what SELinux magic do I need here > > restorecon /etc/named.confThanks that did the trick. I have added this to my long list of 'things to check out'