Unable to start Bind on a fresh RHEL 8.6 system with enforcing SELinux

Søren Andersen soande at norlys.dk
Tue Jun 14 07:15:07 UTC 2022 

Hello Michael,

Oh.. gosh.. You're right.. It works! - It wasn't 100% clear to me that this was the only correct way to install bind from your repo.

Thanks a lot.


/Søren

________________________________
From: Michał Kępień <michal at isc.org>
Sent: Monday, 13 June 2022 22.04
To: Søren Andersen <soande at norlys.dk>
Cc: Sandro <lists at penguinpee.nl>; bind-users at lists.isc.org <bind-users at lists.isc.org>
Subject: Re: Unable to start Bind on a fresh RHEL 8.6 system with enforcing SELinux

[EKSTERN MAIL]


Søren,

> On a fresh install the selinux context are 'var_t', and if I changed it to 'named_var_run_t' it works!

This is the suspicious part for me.  How did you install the packages?
The only supported way is the one that is documented [1]:

    dnf install isc-bind

That pulls in the SCL metapackage which sets up SELinux file context
equivalency rules [2] and relieves you from having to apply any sort of
manual SELinux context tweaks.

My guess is that you installed one of the "individual" packages
directly, e.g. "dnf install isc-bind-bind".  Please be aware that if the
SELinux contexts are not set up by the metapackage, you may run into
other similar issues in the future.

[1] https://eur06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcopr.fedorainfracloud.org%2Fcoprs%2Fisc%2Fbind%2F&data=05%7C01%7Csoande%40norlys.dk%7Cb2bfc25e903842b100a108da4d77e387%7Ca6230a1c393a4c9e9938a643402658d9%7C0%7C0%7C637907474569851316%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=GAHHaI6ZD5XmJFZTGNR0rEN4FnFy8IB8RveJeDnf9h4%3D&reserved=0
[2] https://eur06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitlab.isc.org%2Fisc-packages%2Frpms%2Fisc-bind%2F-%2Fblob%2F7b525a31c2bd9b51c10b2ed2aca8d5244221f359%2Fisc-bind.spec%23L77&data=05%7C01%7Csoande%40norlys.dk%7Cb2bfc25e903842b100a108da4d77e387%7Ca6230a1c393a4c9e9938a643402658d9%7C0%7C0%7C637907474569851316%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=6vpWn48txk%2F3xsIsMyQvJwlxDEN4b5kGu4baOLytcJg%3D&reserved=0

--
Best regards,
Michał Kępień
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20220614/7cb2878d/attachment.htm>

More information about the bind-users mailing list