Unable to start Bind on a fresh RHEL 8.6 system with enforcing SELinux

Sandro lists at penguinpee.nl
Fri Jun 10 13:56:20 UTC 2022


On 10-06-2022 15:27, Reindl Harald wrote:

> On 10.06.22 at 15:22, Sandro wrote:
>> On 10-06-2022 12:53, Reindl Harald wrote:
>>> if it would be useful my "ExecReload=/usr/bin/kill -HUP $MAINPID"
> >>> won't work for nearly 10 years without "PIDFile" (no, I won't use and
> >>> configure rndc - keep it simple)
> >> That's a personal choice, but probably not the answer to the OP's
>> question. The shipped unit file for named on Fedora (and by extension
>> RHEL) makes use of PID files. I presume to cater for cases where rndc is
>> not being used.
> you missed my point - this "ExecReload" proves that the PIDFile is useless
> 
>   > The shipped unit file for named on
>   > Fedora (and by extension RHEL) makes
>   > use of PID files
> 
> but why in the world for a service with only a single process?

I'm not saying you are wrong. But since the 'pid-file' option has a default
setting if not defined otherwise in options {}, named will try to write it.

Maybe the default should be 'none'. Or setting it to 'none' should be
advised for systemd-managed systems. Until then, with SELinux in
enforcing mode, the file security context must be correct.

OP's question, as I read it, was why named chokes on not being able to 
write the PID file.

-- Sandro
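
Added example, not part of the original post: one way to confirm from the audit log that a named start failure comes from a wrongly labelled PID file location. The sample log lines are constructed, and the expected type named_var_run_t is an assumption taken from the RHEL targeted policy, not from this thread.

```python
import re

# Constructed audit.log lines for illustration (not taken from the thread).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1654868000.101:410): avc:  denied  { write } for  pid=2201 comm="named" name="named" dev="tmpfs" ino=30211 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1654868000.250:411): avc:  denied  { read } for  pid=2305 comm="httpd" name="index.html" dev="dm-0" ino=771 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1654868001.007:412): avc:  denied  { create } for  pid=2201 comm="named" name="named.pid" scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1654868002.500:413): avc:  denied  { write } for  pid=2201 comm="named" name="named.pid" dev="tmpfs" ino=30300 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_var_run_t:s0 tclass=file permissive=1
"""

# Assumption: the RHEL targeted policy labels named's runtime directory
# named_var_run_t; the post only says the context "must be correct".
EXPECTED_TYPE = "named_var_run_t"

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?\scomm="(?P<comm>[^"]+)"'
    r'.*?\sscontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)'
    r'\s+tclass=(?P<tclass>\S+)(?:\s+permissive=(?P<permissive>[01]))?'
)
NAME_RE = re.compile(r'\sname="([^"]+)"')


def mislabelled_named_denials(log_text, expected_type=EXPECTED_TYPE):
    """Return enforced AVC denials for named whose target has the wrong type."""
    findings = []
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or m["comm"] != "named":
            continue
        if m["permissive"] == "1":
            continue  # permissive: logged but not blocked
        target_type = m["tcontext"].split(":")[2]  # user:role:type:level
        if target_type == expected_type:
            continue  # label is right; the denial has another cause
        name = NAME_RE.search(line)
        findings.append({
            "perms": m["perms"].split(),
            "tclass": m["tclass"],
            "name": name.group(1) if name else None,
            "target_type": target_type,
        })
    return findings


if __name__ == "__main__":
    for finding in mislabelled_named_denials(SAMPLE_AUDIT_LOG):
        print(finding)
```

Each finding names the object whose label differs from the expected type, which is the case the post describes: named cannot write its PID file until the file security context is corrected or 'pid-file' is set to 'none'.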

