From: Timothy Wood <timothy@hallcomp.com>
To: SELinux <SELinux@tycho.nsa.gov>
Subject: named.
Date: 03 Jul 2002 16:44:39 -0400
Message-ID: <1025729079.3619.133.camel@phobos>

Does bind 9 not work with SE?

I keep getting messages about named trying to bind to port 13568 and
then failing to attach itself to any interface. I've looked through the
ISC bind 9 archives to try and find anything about binding to this port
with no luck, and although named starts, it never binds properly to port
53. I started with the named files off of my current working name
server to save time. However, when it appeared that the lack of
instructions on where to bind itself prevented it from working properly,
I added specific listen-on statements in the named.conf and it still
does the same thing. I've relabeled all the files since I installed
bind with no luck and, as I mentioned, searched the bind archives with no
luck. I tried these archives from the NSA site but all I could find was
a message from Russel with changes to allow bind to attach itself to tcp
53. Below are the named and avc messages, and I can attach the named.conf
or any other information if someone needs it.

Timothy,
named[2625]: starting BIND 9.2.0 -u named
named[2625]: using 1 CPU
named[2628]: loading configuration from '/etc/named.conf'
named[2628]: no IPv6 interfaces found
named[2628]: listening on IPv4 interface lo, 127.0.0.1#53
kernel:
kernel: avc: denied { name_bind } for pid=2628 exe=/usr/sbin/named
port=13568 scontext=root:sysadm_r:sysadm_t
tcontext=system_u:object_r:named_port_t tclass=udp_socket
named[2628]: could not listen on UDP socket: permission denied
named[2628]: creating IPv4 interface lo failed; interface ignored
named[2628]: listening on IPv4 interface eth0, 192.168.42.242#53
kernel:
kernel: avc: denied { name_bind } for pid=2628 exe=/usr/sbin/named
port=13568 scontext=root:sysadm_r:sysadm_t
tcontext=system_u:object_r:named_port_t tclass=udp_socket
named[2628]: could not listen on UDP socket: permission denied
named[2628]: creating IPv4 interface eth0 failed; interface ignored
named[2628]: not listening on any interfaces
named[2628]: command channel listening on 127.0.0.1#953
named[2628]: zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
named[2628]: zone localhost/IN: loaded serial 42
named[2628]: running
named: named startup succeeded
--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
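
An added example, not part of the original message: a small parser for the AVC denial record quoted above, showing which source and target types the denial involves and that 13568 is 53 with its two bytes swapped (0x3500 against 0x0035). The function names are the example's own, and reading the swap as the port being logged in network byte order is an assumption, not something the message states.

```python
import re
import struct

# Constructed sample: the AVC record from the message above, re-joined on one line.
SAMPLE = (
    "kernel: avc: denied { name_bind } for pid=2628 exe=/usr/sbin/named "
    "port=13568 scontext=root:sysadm_r:sysadm_t "
    "tcontext=system_u:object_r:named_port_t tclass=udp_socket"
)

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)"
)


def parse_avc(line):
    """Return the denial as a dict, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"perms": m.group("perms").split()}
    for token in m.group("fields").split():
        key, sep, value = token.partition("=")
        if sep:
            rec[key] = value
    # Contexts in this log are user:role:type; the type is what the policy matches.
    for ctx in ("scontext", "tcontext"):
        parts = rec.get(ctx, "").split(":")
        rec[ctx + "_type"] = parts[2] if len(parts) >= 3 else None
    return rec


def swap16(port):
    """Swap the two bytes of a 16-bit port number."""
    return struct.unpack("<H", struct.pack(">H", port))[0]


def summarize(line):
    """Reduce one AVC line to the fields needed to read the denial."""
    rec = parse_avc(line)
    if rec is None:
        return None
    port = int(rec["port"]) if "port" in rec else None
    return {
        "source_type": rec["scontext_type"],
        "target_type": rec["tcontext_type"],
        "class": rec.get("tclass"),
        "perms": rec["perms"],
        "port_logged": port,
        "port_byteswapped": swap16(port) if port is not None else None,
    }
```
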