Unable to start Bind on a fresh RHEL 8.6 system with enforcing SELinux

Reindl Harald h.reindl at thelounge.net
Fri Jun 10 15:21:59 UTC 2022



On 10.06.22 at 17:07, Sandro wrote:
> 
> On 10-06-2022 16:02, Reindl Harald wrote:
>> come on!
>>
>> the OP clearly stated the only problem is the "PIDFile" line in the
>> systemd-unit and so what named writes or not is completely irrelevant
>>
>> "PIDFile" for systemd has nothing to do with "pid-file" of named
> 
> :facepalm:
> 
> Indeed. I was led down the garden path. The PIDFile setting in the unit 
> file can be totally different from the pid-file option in bind. 
> Although, they should probably point to the same file.
> 
> Yet, the man page for systemd.service (5) states:
> 
> Usage of this option [PIDFile] is recommended for services where Type= 
> is set to forking.
> 
> So, it was probably just a simple misconfiguration and systemd applying 
> some of its "magic" to a non-existent file...

seriously - about what magic are you talking?
do you even know what a pidfile is?

it's a simple textfile where the process writes its PID
and PIDFile forces systemd to read that file and use the content as 
"Main PID"

> Anyway, in my case the PIDFile option is set, be it useful or not, and 
> SELinux is running in enforcing mode all without any issues

the whole point of my responses was the upstream should reconsider to 
use the option because it's proven to be useless no matter what some 
outdated manpage says

there is only one situation where it's needed: a service written that 
terrible that systemd is unable to guess the "Main PID"

can't apply to services with only one process by definition - what 
exactly can be wrong guessed below when there is only a single process?

even in case of a forking service after the fork there is still only one 
process and one PID in the cgroup

[root at srv-rhsoft:~]$ systemctl status named
● named.service - DNS Server
      Loaded: loaded (/etc/systemd/system/named.service; enabled; vendor preset: disabled)
      Active: active (running) since Thu 2022-06-09 01:06:51 CEST; 1 day 16h ago
    Main PID: 1428 (named)
       Tasks: 18 (limit: 512)
      Memory: 50.5M
         CPU: 4min 30.989s
      CGroup: /system.slice/named.service
              └─ 1428 /usr/sbin/named -4 -f -u named -t /var/named/chroot
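
Added example, not part of the original message and not code from BIND or systemd: a small check that compares the unit's `PIDFile=` with the path named actually writes, taking a `-t` chroot into account. The function names and the sample unit and named.conf text are constructed assumptions.

```python
import re
from pathlib import PurePosixPath

# Constructed sample inputs (not taken from the thread).
UNIT = """\
[Service]
Type=forking
PIDFile=/run/named/named.pid
ExecStart=/usr/sbin/named -u named -t /var/named/chroot
"""
NAMED_CONF = """\
options {
    directory "/var/named";
    pid-file "/run/named/named.pid";
};
"""

def unit_value(unit_text, key):
    """Return the last assignment of key in a unit file, or None."""
    hits = re.findall(rf"^{re.escape(key)}=(.*)$", unit_text, re.M)
    return hits[-1].strip() if hits else None

def check_pidfile(unit_text, conf_text):
    """Compare systemd's PIDFile= with the path named actually writes."""
    findings = []
    pidfile = unit_value(unit_text, "PIDFile")
    if not pidfile:
        return findings  # systemd reads no file, so nothing can mismatch
    svc_type = unit_value(unit_text, "Type") or "simple"
    args = (unit_value(unit_text, "ExecStart") or "").split()
    # -f and -g keep named in the foreground, so there is no fork to track
    if svc_type != "forking" or "-f" in args or "-g" in args:
        findings.append("PIDFile set but named does not fork; "
                        "systemd does not need the file to find the main PID")
    m = re.search(r'^\s*pid-file\s+"([^"]+)"\s*;', conf_text, re.M)
    if not m:
        findings.append("no quoted pid-file in named.conf; check the build default")
        return findings
    written = PurePosixPath(m.group(1))
    if "-t" in args and args.index("-t") + 1 < len(args):
        # named resolves pid-file inside the chroot directory given with -t
        chroot = PurePosixPath(args[args.index("-t") + 1])
        written = chroot / str(written).lstrip("/")
    if PurePosixPath(pidfile) != written:
        findings.append(f"PIDFile={pidfile} but named writes {written}")
    return findings
```
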

