[CentOS] selinux and tinydns

2013-02-13 Thread Philip Manuel
Hi all,

tinydns starts up fine, selinux reports no issues (now after a day of 
clearing errors).

If I turn selinux back to permissive in /etc/sysconfig/selinux, and 
reboot, tinydns responds to queries.

If I turn selinux back to enforcing and reboot, tinydns does not respond.

Monitoring /var/log/messages shows no errors from iptables/shorewall or 
selinux.  The only way I can find an error is performing the following:-

netstat -npl | grep tinydns  # gives me the process id
strace -f -p 

From this I can see that tinydns is reporting an error of:-

recvfrom(3, 0x606720, 513, 0, 0x7fffc7321ec0, 0x7fffc7321edc) = -1 
EACCES (Permission denied)

I've got setroubleshoot set to send me an alert on first occurrence of 
an issue, so far none received.

Does anyone know how I should proceed from here ?

Thanks

Phil.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] selinux and tinydns

2013-02-13 Thread ankush grover
On Thu, Feb 14, 2013 at 11:33 AM, Philip Manuel  wrote:

> Hi all,
>
> tinydns starts up fine, selinux reports no issues (now after a day of
> clearing errors).
>
> If I turn selinux back to permissive in /etc/sysconfig/selinux, and
> reboot, tinydns responds to queries.
>
> If I turn selinux back to enforcing and reboot, tinydns does not respond.
>
> Monitoring /var/log/messages shows no errors from iptables/shorewall or
> selinux.  The only way I can find an error is performing the following:-
>
> netstat -npl | grep tinydns  # gives me the process id
> strace -f -p 
>
> From this I can see that tinydns is reporting an error of:-
>
> recvfrom(3, 0x606720, 513, 0, 0x7fffc7321ec0, 0x7fffc7321edc) = -1
> EACCES (Permission denied)
>
> I've got setroubleshoot set to send me an alert on first occurrence of
> an issue, so far none received.
>
> Does anyone know how I should proceed from here ?
>
>
Maybe you can see what is there in the audit log, and the audit2allow tool
might help you

http://wiki.centos.org/HowTos/SELinux


> Thanks
>
> Phil.


Re: [CentOS] selinux and tinydns

2013-02-14 Thread Александр Кириллов
>> tinydns starts up fine, selinux reports no issues (now after a day of
>> clearing errors).
>>
>> If I turn selinux back to permissive in /etc/sysconfig/selinux, and
>> reboot, tinydns responds to queries.
>>
>> If I turn selinux back to enforcing and reboot, tinydns does not respond.
>>
>> Monitoring /var/log/messages shows no errors from iptables/shorewall or
>> selinux.  The only way I can find an error is performing the following:-
>>
>> netstat -npl | grep tinydns  # gives me the process id
>> strace -f -p 
>>
>> From this I can see that tinydns is reporting an error of:-
>>
>> recvfrom(3, 0x606720, 513, 0, 0x7fffc7321ec0, 0x7fffc7321edc) = -1
>> EACCES (Permission denied)
>>
>> I've got setroubleshoot set to send me an alert on first occurrence of
>> an issue, so far none received.
>>
>> Does anyone know how I should proceed from here ?
>>
>>
> Maybe you can see what is there in the audit log, and the audit2allow tool
> might help you
>
> http://wiki.centos.org/HowTos/SELinux

You may also try to temporarily disable "dontaudit" rules:
# semodule -DB

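Added example, not part of the thread: once dontaudit rules are disabled with `semodule -DB` and the denial is reproduced, the AVC records that were previously suppressed land in the audit log, and a short summary by process name shows which type/class/permission is being refused. The helper name `summarize_avc`, the sample records, the file name `tinydns-avc.log` and the type names `example_*_t` are constructed for illustration; real records on the host will carry the actual policy types.

```shell
#!/bin/bash
# On the affected host, as root (these steps are not run by this script):
#   semodule -DB      # rebuild policy with dontaudit rules disabled
#   ...query tinydns so the EACCES recurs...
#   ausearch -m avc -ts recent -c tinydns > tinydns-avc.log
#   semodule -B       # rebuild policy with dontaudit rules back in place

# Constructed sample audit records; type names and paths are placeholders.
SAMPLE_LOG='type=AVC msg=audit(1360800000.101:201): avc:  denied  { read } for  pid=1234 comm="tinydns" lport=53 scontext=system_u:system_r:example_dns_t:s0 tcontext=system_u:object_r:example_sock_t:s0 tclass=udp_socket
type=SYSCALL msg=audit(1360800000.101:201): arch=c000003e syscall=45 success=no exit=-13 pid=1234 comm="tinydns" exe="/usr/local/bin/tinydns"
type=AVC msg=audit(1360800002.417:204): avc:  denied  { read } for  pid=1234 comm="tinydns" lport=53 scontext=system_u:system_r:example_dns_t:s0 tcontext=system_u:object_r:example_sock_t:s0 tclass=udp_socket
type=AVC msg=audit(1360800005.330:207): avc:  denied  { getattr } for  pid=2001 comm="named" path="/constructed/file" scontext=system_u:system_r:example_named_t:s0 tcontext=system_u:object_r:example_file_t:s0 tclass=file'

# summarize_avc COMM [FILE]
# Count AVC denials for one command name, grouped by source type,
# target type, object class and permission set. Reads stdin if no FILE.
summarize_avc() {
    awk -v comm="$1" '
        /avc: +denied/ && index($0, "comm=\"" comm "\"") {
            perms = $0
            sub(/^.*denied +[{] */, "", perms)   # strip text up to the opening brace
            sub(/ *[}].*$/, "", perms)           # strip the closing brace and the rest
            src = field("scontext"); tgt = field("tcontext"); cls = field("tclass")
            count[type_of(src) " -> " type_of(tgt) " : " cls " { " perms " }"]++
        }
        # Return the value of a key=value token on the current record.
        function field(name,    i, kv) {
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == name) return kv[2]
            }
            return "?"
        }
        # A context is user:role:type:level; the type is what policy rules name.
        function type_of(ctx,    p) {
            split(ctx, p, ":")
            return p[3]
        }
        END { for (k in count) print count[k], k }
    ' ${2:+"$2"} | sort
}

printf '%s\n' "$SAMPLE_LOG" | summarize_avc tinydns
```

The SYSCALL record in the sample (syscall 45 is recvfrom on x86_64, exit -13 is EACCES) is skipped because only AVC lines name the denied permission; the same saved records can then be reviewed with audit2allow before any rule is added.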