Unable to start Bind on a fresh RHEL 8.6 system with enforcing SELinux

Sandro lists at penguinpee.nl
Fri Jun 10 13:22:17 UTC 2022


On 10-06-2022 10:52, Søren Andersen wrote:
> I've installed a fresh BIND on a RHEL 8.6 system with enforcing
> SELinux, and when I try to start BIND with the provided systemd unit
> file it just waits and times out, and also logs these errors in
> /var/log/message
> 
> Jun 10 10:09:25 systemd[1]: isc-bind-named.service: Can't convert PID files /var/opt/isc/scls/isc-bind/run/named/named.pid O_PATH file descriptor to proper file descriptor: Permission denied
> Jun 10 10:09:25 systemd[1]: isc-bind-named.service: Can't convert PID files /var/opt/isc/scls/isc-bind/run/named/named.pid O_PATH file descriptor to proper file descriptor: Permission denied

What is the SELinux context of the directory where the PID files are
stored? In your case:

ls -Z /var/opt/isc/scls/isc-bind/run/named

It needs to be named_var_run_t for SELinux to allow named access to that
directory.

You may need to set this yourself using 'chcon', since your installation
is not using the default path that an installation from the package
manager would.

On 10-06-2022 12:53, Reindl Harald wrote:
> if it would be useful my "ExecReload=/usr/bin/kill -HUP $MAINPID"
> won't work for nearly 10 years without "PIDFile" (no i won't use and
> configure rndc - keep it simple)
That's a personal choice, but probably not the answer to the OP's 
question. The shipped unit file for named on Fedora (and by extension 
RHEL) makes use of PID files. I presume to cater for cases where rndc is 
not being used.

-- Sandro
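
A check for the labeling described in the reply above, as an added example that is not part of the original message: it compares the SELinux type on the PID directory with named_var_run_t and, on a mismatch, prints a persistent fix. The function names are hypothetical, and `semanage fcontext` with `restorecon` is used in place of `chcon` because a label set with `chcon` is lost on a filesystem relabel.

```shell
#!/bin/sh
# Added example (not from the thread): audit the SELinux type on named's
# PID directory. The path and expected type are the ones quoted in the thread.
PID_DIR="${PID_DIR:-/var/opt/isc/scls/isc-bind/run/named}"
EXPECTED_TYPE="named_var_run_t"

# Extract the type from a context string "user:role:type:level".
# The level can contain colons itself (s0:c0.c1023), so only field 3 is used.
selinux_type() {
    printf '%s\n' "$1" | awk -F: 'NF >= 3 { print $3 }'
}

# Succeeds only if the context string carries the expected type.
# An unlabeled or unparseable context ("?" or empty) counts as a failure.
check_context() {
    ctx_type="$(selinux_type "$1")"
    [ -n "$ctx_type" ] || return 2
    [ "$ctx_type" = "$EXPECTED_TYPE" ]
}

# Print the commands that record the label in the local policy and apply it.
print_fix() {
    printf "semanage fcontext -a -t %s '%s(/.*)?'\n" "$EXPECTED_TYPE" "$1"
    printf "restorecon -Rv '%s'\n" "$1"
}

# Read the live context with GNU stat (%C) and report the result.
audit_dir() {
    dir_ctx="$(stat -c %C "$1" 2>/dev/null)" || {
        echo "cannot read SELinux context of $1"
        return 2
    }
    if check_context "$dir_ctx"; then
        echo "OK: $1 is labeled $dir_ctx"
    else
        echo "MISMATCH: $1 is labeled $dir_ctx, expected type $EXPECTED_TYPE"
        print_fix "$1"
        return 1
    fi
}

# Run the audit only when asked, e.g.: sh check_named_label.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_dir "$PID_DIR"
fi
```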
