why bind unable to find log files

Eivind Olsen eivind at aminor.no
Mon Jun 13 10:03:01 UTC 2011


kshitij mali wrote:

> Jun 13 11:00:23 relay named[14508]: logging channel 'resolver_file' file
> '/var/log/resolver.log': permission denied
> Jun 13 11:00:23 relay kernel: audit(1307943023.256:7): avc:  denied  {
> append } for  pid=14511 comm="named" name="resolver.log" dev=cciss/c0d0p2
> ino=1391030 scontext=root:system_r:named_t
> tcontext=root:object_r:named_conf_t tclass=file

Ah. It looks like you have SELinux enabled. SELinux, like so many other
tools, gives you plenty of opportunities to run into problems when used
incorrectly or when not fully understood.

Here are your main options - you'll have to decide for yourself which ones
are OK for you. Perhaps you have some local policy that requires you to
run SELinux, for example..?

1) You can disable SELinux completely
2) You can run SELinux in permissive mode. It won't block anything then,
but it will fill your logs telling you it could have blocked something.
3) You could work within the limits of your local SELinux policies, put
the logfile into a directory allowed by the SELinux policy etc.
4) You could change your local SELinux policy settings to allow BIND to
write to your logfile in that specific directory.

The short version of this: learn how to use SELinux if you are going to
have it enabled, otherwise you might as well disable it...?

Regards
Eivind Olsen
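
The following added example is not part of either poster's message. It parses the AVC denial quoted above, mail wrapping included, to show what SELinux objected to: a process in the named_t domain asking to append to a file labeled named_conf_t. The function names are hypothetical; the input is the log record from the thread.

```python
import re

# The denial exactly as quoted in the thread, mail wrapping and "> " included.
QUOTED = """\
> Jun 13 11:00:23 relay kernel: audit(1307943023.256:7): avc:  denied  {
> append } for  pid=14511 comm="named" name="resolver.log" dev=cciss/c0d0p2
> ino=1391030 scontext=root:system_r:named_t
> tcontext=root:object_r:named_conf_t tclass=file
"""

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def unwrap(text):
    """Undo e-mail quoting and line wrapping so the record is one line again."""
    return ' '.join(l.lstrip('> ').strip() for l in text.splitlines() if l.strip())

def parse_avc(line):
    """Return the AVC record's fields as a dict, or None if it is not an AVC record."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    fields['result'] = m.group(1)
    fields['perms'] = m.group(2).split()
    # A context is user:role:type, optionally followed by an MLS range.
    for key in ('scontext', 'tcontext'):
        parts = fields.get(key, '').split(':')
        fields[key + '_type'] = parts[2] if len(parts) >= 3 else None
    return fields

def explain(line):
    """One-sentence reading of the denial: who, which permission, on what label."""
    f = parse_avc(line)
    if f is None:
        return None
    return "%s (domain %s) was %s {%s} on %s '%s' labeled %s" % (
        f.get('comm'), f['scontext_type'], f['result'], ' '.join(f['perms']),
        f.get('tclass'), f.get('name'), f['tcontext_type'])

if __name__ == '__main__':
    print(explain(unwrap(QUOTED)))
```

The source type and the target file's label are the two values that options 3 and 4 in the reply act on: either the log file ends up with a label the policy lets named write to, or the policy is changed to allow this pair.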




