Re: why bind unable to find log files
kshitij mali wrote:
> Jun 13 11:00:23 relay named[14508]: logging channel 'resolver_file' file
> '/var/log/resolver.log': permission denied
> Jun 13 11:00:23 relay kernel: audit(1307943023.256:7): avc: denied {
> append } for pid=14511 comm="named" name="resolver.log" dev=cciss/c0d0p2
> ino=1391030 scontext=root:system_r:named_t
> tcontext=root:object_r:named_conf_t tclass=file

Ah. It looks like you have SELinux enabled.
SELinux, like so many other tools, gives you plenty of opportunities to run into problems when used incorrectly or when not fully understood.

Here are your main options - you'll have to decide for yourself which ones are ok for you. Perhaps you have some local policy that requires you to run SELinux, for example..?

1) You can disable SELinux completely
2) You can run SELinux in permissive mode. It won't block anything then, but it will fill your logs telling you it could have blocked something.
3) You could work within the limits of your local SELinux policies, put the logfile into a directory allowed by the SELinux policy etc.
4) You could change your local SELinux policy settings to allow BIND to write to your logfile in that specific directory.

The short version of this: learn how to use SELinux if you are going to have it enabled, otherwise you might as well disable it...?

Regards
Eivind Olsen
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
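Added example (not part of the message above or of anyone's post in this thread): a shell check that pairs named's "permission denied" message with a kernel AVC record, which is how the log excerpt shows that SELinux labelling, not Unix ownership or mode, blocked the write. The function names are made up for this example, the log records are the ones quoted in the thread, and matching on the file's base name is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. The log records below are the ones
# quoted in the thread, rejoined one per line.
sample_log() {
cat <<'EOF'
Jun 13 11:00:23 relay named[14508]: loading configuration from '/etc/named.conf'
Jun 13 11:00:23 relay named[14508]: logging channel 'resolver_file' file '/var/log/resolver.log': permission denied
Jun 13 11:00:23 relay kernel: audit(1307943023.256:7): avc: denied { append } for pid=14511 comm="named" name="resolver.log" dev=cciss/c0d0p2 ino=1391030 scontext=root:system_r:named_t tcontext=root:object_r:named_conf_t tclass=file
Jun 13 11:00:23 relay named: named reload succeeded
EOF
}

# avc_field RECORD KEY: value of KEY=value in an AVC record, quotes stripped.
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | tr -d '"' | head -n 1
}

# context_type CONTEXT: the type, i.e. the third field of user:role:type.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# denied_paths: files named reported as "permission denied" (log on stdin).
denied_paths() {
    sed -n "s/.* named\[[0-9]*]: .* file '\([^']*\)': permission denied\$/\1/p"
}

# explain_denials LOG: for each such file, report the matching AVC record.
# Assumption: records are matched on comm="named" and the file's base name,
# because the AVC record carries only name=, not the full path.
explain_denials() {
    log=$1
    printf '%s\n' "$log" | denied_paths | while IFS= read -r path; do
        rec=$(printf '%s\n' "$log" | grep 'avc: *denied' | grep 'comm="named"' |
              grep -F "name=\"${path##*/}\"" | head -n 1)
        if [ -n "$rec" ]; then
            perms=$(printf '%s\n' "$rec" | sed -n 's/.*{ \(.*\) }.*/\1/p')
            src=$(context_type "$(avc_field "$rec" scontext)")
            tgt=$(context_type "$(avc_field "$rec" tcontext)")
            echo "$path: selinux domain=$src denied=$perms target_type=$tgt class=$(avc_field "$rec" tclass)"
        else
            echo "$path: no-avc (check ownership, mode and the path inside the chroot)"
        fi
    done
}

explain_denials "$(sample_log)"
```

The path printed is the one named reports, which is relative to the chroot when named runs in one.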
Re: why bind unable to find log files
Hi Warren,

Please see the error message in /var/log/messages, as I have created the dir log in the chroot /var/named/chroot/var and created the file resolver.log and also changed the ownership of the file as well as the dir log to named.

===
Jun 13 11:00:23 relay named[14508]: loading configuration from '/etc/named.conf'
Jun 13 11:00:23 relay named[14508]: logging channel 'resolver_file' file '/var/log/resolver.log': permission denied
Jun 13 11:00:23 relay kernel: audit(1307943023.256:7): avc: denied { append } for pid=14511 comm="named" name="resolver.log" dev=cciss/c0d0p2 ino=1391030 scontext=root:system_r:named_t tcontext=root:object_r:named_conf_t tclass=file
Jun 13 11:00:23 relay named: named reload succeeded
===

Regards,
Kshitij

On Sat, Jun 11, 2011 at 7:23 PM, Warren Kumari wrote:
> On Jun 11, 2011, at 4:22 AM, kshitij mali wrote:
>
> > Hi Mark,
> >
> > Thanks for taking interest in my case. Yes, the rhel4 default bind named
> > service is running in chroot jail, now tell me what config changes do I
> > need to change.
>
> Create a directory inside the chroot jail called var/log/ -- so, if your
> chroot directory is called /foo/bar, create /foo/bar/var/log and make sure
> that bind is allowed to write there…
>
> W
>
> > Regards,
> > Kshitij
> >
> > On Sat, Jun 11, 2011 at 7:53 AM, Mark Andrews wrote:
> >
> > Are you starting named with -t ? If so you need to
> > look at the path relative to the .
> >
> > Mark
> >
> > In message , kshitij mali writes:
> >> why bind unable to find log files where file is present at location with all
> >> permissions
> >> ===
> >> tail -f /var/log/messages
> >>
> >> logging channel 'resolver_file' file '/var/log/resolver.log': file not found
> >>
> >> ==
> >> [root@relay virusmails]# ls -l /var/log/resolver.log
> >> -rwxrwxrwx 1 root root 0 Jun 10 16:52 /var/log/resolver.log
> >> ==
> >> below is the named.conf logging declaration
> >> logging {
> >> channel resolver_file { file "/var/log/resolver.log" versions 3 size 5m;
> >> severity debug; print-time
> >> yes; };
> >> category resolver { resolver_file; };
> >>
> >> };
> >> ==
> >>
> >> Regards,
> >> Kshitij
> >>
> > --
> > Mark Andrews, ISC
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: why bind unable to find log files
On Saturday 11 June 2011 09:53, the following was written:
> On Jun 11, 2011, at 4:22 AM, kshitij mali wrote:
> > Hi Mark,
> >
> > Thanks for taking interest in my case. Yes, the rhel4 default bind named
> > service is running in chroot jail, now tell me what config changes do
> > I need to change.
>
> Create a directory inside the chroot jail called var/log/ -- so, if your
> chroot directory is called /foo/bar, create /foo/bar/var/log and make sure
> that bind is allowed to write there…

The directory should be /var/named/chroot if you installed all defaults. Also be aware if selinux is active it will only allow bind to write to certain directories. This is good to know on your slaves.

--
Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted http://counter.li.org/
Re: why bind unable to find log files
On Jun 11, 2011, at 4:22 AM, kshitij mali wrote:

> Hi Mark,
>
> Thanks for taking interest in my case. Yes, the rhel4 default bind named
> service is running in chroot jail, now tell me what config changes do I
> need to change.
>

Create a directory inside the chroot jail called var/log/ -- so, if your chroot directory is called /foo/bar, create /foo/bar/var/log and make sure that bind is allowed to write there…

W

> Regards,
> Kshitij
>
> On Sat, Jun 11, 2011 at 7:53 AM, Mark Andrews wrote:
>
> Are you starting named with -t ? If so you need to
> look at the path relative to the .
>
> Mark
>
> In message , kshitij mali writes:
>> why bind unable to find log files where file is present at location with all
>> permissions
>> ===
>> tail -f /var/log/messages
>>
>> logging channel 'resolver_file' file '/var/log/resolver.log': file not found
>>
>> ==
>> [root@relay virusmails]# ls -l /var/log/resolver.log
>> -rwxrwxrwx 1 root root 0 Jun 10 16:52 /var/log/resolver.log
>> ==
>> below is the named.conf logging declaration
>> logging {
>> channel resolver_file { file "/var/log/resolver.log" versions 3 size 5m;
>> severity debug; print-time
>> yes; };
>> category resolver { resolver_file; };
>>
>> };
>> ==
>>
>> Regards,
>> Kshitij
>>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: why bind unable to find log files
Hi Mark,

Thanks for taking interest in my case. Yes, the rhel4 default bind named service is running in chroot jail, now tell me what config changes do I need to change.

Regards,
Kshitij

On Sat, Jun 11, 2011 at 7:53 AM, Mark Andrews wrote:
>
> Are you starting named with -t ? If so you need to
> look at the path relative to the .
>
> Mark
>
> In message , kshitij mali writes:
> > why bind unable to find log files where file is present at location with all
> > permissions
> > ===
> > tail -f /var/log/messages
> >
> > logging channel 'resolver_file' file '/var/log/resolver.log': file not found
> >
> > ==
> > [root@relay virusmails]# ls -l /var/log/resolver.log
> > -rwxrwxrwx 1 root root 0 Jun 10 16:52 /var/log/resolver.log
> > ==
> > below is the named.conf logging declaration
> > logging {
> > channel resolver_file { file "/var/log/resolver.log" versions 3 size 5m;
> > severity debug; print-time
> > yes; };
> > category resolver { resolver_file; };
> >
> > };
> > ==
> >
> > Regards,
> > Kshitij
> >
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: why bind unable to find log files
Are you starting named with -t ? If so you need to look at the path relative to the .

Mark

In message , kshitij mali writes:
> why bind unable to find log files where file is present at location with all
> permissions
> ===
> tail -f /var/log/messages
>
> logging channel 'resolver_file' file '/var/log/resolver.log': file not found
>
> ==
> [root@relay virusmails]# ls -l /var/log/resolver.log
> -rwxrwxrwx 1 root root 0 Jun 10 16:52 /var/log/resolver.log
> ==
> below is the named.conf logging declaration
> logging {
> channel resolver_file { file "/var/log/resolver.log" versions 3 size 5m;
> severity debug; print-time
> yes; };
> category resolver { resolver_file; };
>
> };
> ==
>
> Regards,
> Kshitij
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
why bind unable to find log files
why bind unable to find log files where file is present at location with all permissions
===
tail -f /var/log/messages

logging channel 'resolver_file' file '/var/log/resolver.log': file not found

==
[root@relay virusmails]# ls -l /var/log/resolver.log
-rwxrwxrwx 1 root root 0 Jun 10 16:52 /var/log/resolver.log
==
below is the named.conf logging declaration
logging {
    channel resolver_file { file "/var/log/resolver.log" versions 3 size 5m;
        severity debug; print-time yes; };
    category resolver { resolver_file; };
};
==

Regards,
Kshitij