Unable to start Bind on a fresh RHEL 8.6 system with enforcing SELinux

Søren Andersen soande at norlys.dk
Fri Jun 10 10:59:24 UTC 2022


I think the source of the systemd unit file is from: https://gitlab.isc.org/isc-packages/rpms/bind/-/blob/main/named.service.in
(And I'm using ISC's repo)

Perhaps Michał Kępień has any idea? 🙂



________________________________
From: bind-users <bind-users-bounces at lists.isc.org> on behalf of Reindl Harald <h.reindl at thelounge.net>
Sent: Friday, 10 June 2022 12.53
To: bind-users at lists.isc.org <bind-users at lists.isc.org>
Subject: Re: Unable to start Bind on a fresh RHEL 8.6 system with enforcing SELinux



On 10.06.22 at 10:52, Søren Andersen wrote:
> I've installed a fresh BIND on a RHEL 8.6 system with enforcing SELinux,
> and when I try to start BIND with the provided systemd unit file it just
> waits and times out, and also logs these errors in /var/log/message
>
> Jun 10 10:09:25 systemd[1]: isc-bind-named.service: Can't convert PID
> files /var/opt/isc/scls/isc-bind/run/named/named.pid O_PATH file
> descriptor to proper file descriptor: Permission denied
> Jun 10 10:09:25 systemd[1]: isc-bind-named.service: Can't convert PID
> files /var/opt/isc/scls/isc-bind/run/named/named.pid O_PATH file
> descriptor to proper file descriptor: Permission denied
>
> If I remove PIDFile in the systemd unit it just works fine..
>
>
> [Service]
> Type=forking
> EnvironmentFile=-/etc/opt/isc/scls/isc-bind/sysconfig/named
> #PIDFile=/var/opt/isc/scls/isc-bind/run/named/named.pid
> ExecStart=/opt/isc/isc-bind/root/usr/sbin/named -u named $OPTIONS
> ExecReload=/bin/kill -HUP $MAINPID
> ExecStop=/bin/kill -TERM $MAINPID
> PrivateTmp=true
>
> Anyone else experiencing this?

PIDFile shouldn't be needed at all - especially for threaded services
it's useless, systemd knows the PID anyways

if that option is used in the provided systemd-unit one should ask the
guy who has written it: why?

if it would be useful my "ExecReload=/usr/bin/kill -HUP $MAINPID" won't
work for nearly 10 years without "PIDFile" (no i won't use and configure
rndc - keep it simple)