kshitij mali wrote: > Jun 13 11:00:23 relay named[14508]: logging channel 'resolver_file' file > '/var/log/resolver.log': permission denied > Jun 13 11:00:23 relay kernel: audit(1307943023.256:7): avc: denied { > append } for pid=14511 comm="named" name="resolver.log" dev=cciss/c0d0p2 > ino=1391030 scontext=root:system_r:named_t > tcontext=root:object_r:named_conf_t tclass=file
Ah. It looks like you have SELinux enabled. SELinux, like so many other tools, give you plenty of opportunities to run into problems when used incorrectly or when not fully understood. Here's your main options - you'll have to decide for yourself which ones are ok for you. Perhaps you have some local policy that requires you to run SELinux, for example..? 1) You can disable SELinux completely 2) You can run SELinux in permissive mode. It won't block anything then, but it will fill your logs telling you it could have blocked something. 3) You could work within the limits of your local SELinux policies, put the logfile into a directory allowed by the SELinux policy etc. 4) You could change your local SELinux policy settings to allow BIND to write to your logfile in that specific directory. The short version of this: learn how to use SELinux if you are going to have it enabled, otherwise you might as well disable it...? Regards Eivind Olsen _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users