BIND 9.3.1 chroot and channel logging (Correct perms set!)

Mark Andrews Mark_Andrews at isc.org
Tue Sep 20 23:08:23 UTC 2005


> 
> bubba_ry at verizon.net wrote:
> > I have an FC4 system running BIND 9.3.1 in a chroot'd environment
> > (/var/named/chroot).  Everything works great as long as I don't try to
> > split logging into different channels (i.e. default, update, transfer);
> > it all gets logged to /var/log/messages.  All well and good, but I want
> > to be a little tidier...
> 
> Try removing the "/usr/logs/named" and see what happens... and go from
> there.

	First turn off SELinux's named support.  If that gets things
	working, as I think it will, you then need to look at what
	configurables there are for SELinux and named.

> > If I configure bind to use channels as such:
> > 
> > logging {
> >         channel default_log {
> >                 file "/usr/logs/named/default.log" versions 7 size 50M;
> >                 severity info;
> >                 print-category yes;
> >                 print-severity yes;
> >                 print-time yes;
> >         };
> > 
> >         category default                { default_log; };
> > 
> > };
> > 
> > I get the following error in 'messages':
> > 
> > Sep 19 15:47:27 dns3 named[1568]: isc_log_open
> > '/usr/logs/named/default.log' failed: permission denied
> > 
> > I have checked and double-checked the directories in the chroot jail
> > and everything is kosher.  I even opened the directories and files up
> > to the world (chmod 777) to no avail.  What am I missing?  I've looked
> > at the SELinux config and can't seem to find anything that might hinder
> > writing to the logs.
> > 
> > TIA,
> > 
> > ry
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
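
An added example, not part of the original thread and not ISC's code: a small check that takes the `file "..."` paths from a logging channel, resolves them under the chroot, and lists any classic mode-bit (DAC) obstacle for the account named runs as. An empty result alongside a "permission denied" from `isc_log_open` is the situation in the post (chmod 777 did not help) and points at a mandatory access control layer such as SELinux. The uid/gid 25 for "named" is an assumption, ACLs are not considered, and it should be run as root so every directory can be stat'ed.

```python
import os
import re

# Matches the `file "<path>"` clause of a named.conf logging channel.
FILE_RE = re.compile(r'\bfile\s+"([^"]+)"')

def channel_files(conf_text):
    """Return every log path named in a `file "..."` clause."""
    return FILE_RE.findall(conf_text)

def _allowed(st, uid, gids, want):
    """Classic mode-bit check: owner bits, else group bits, else other bits."""
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want

def dac_problems(chroot, log_path, uid, gids):
    """List mode-bit obstacles to uid writing log_path as seen inside chroot."""
    parts = [p for p in log_path.split("/") if p]
    dirs = [chroot]
    for name in parts[:-1]:
        dirs.append(os.path.join(dirs[-1], name))
    problems = []
    for i, d in enumerate(dirs):
        # Every directory needs search (x); the last also needs write (w)
        # so named can create the file and rotate its `versions`.
        want = 0o3 if i == len(dirs) - 1 else 0o1
        try:
            if not _allowed(os.stat(d), uid, gids, want):
                problems.append(f"{d}: needs mode bits {want:o} for uid {uid}")
        except FileNotFoundError:
            problems.append(f"{d}: missing inside the chroot")
            return problems
    target = os.path.join(dirs[-1], parts[-1])
    if os.path.exists(target) and not _allowed(os.stat(target), uid, gids, 0o2):
        problems.append(f"{target}: not writable by uid {uid}")
    return problems

if __name__ == "__main__":
    # Constructed sample: the channel from the post; uid/gid 25 is an assumed
    # "named" account, and the chroot path is the one given in the post.
    conf = 'channel default_log { file "/usr/logs/named/default.log" versions 7 size 50M; };'
    for path in channel_files(conf):
        found = dac_problems("/var/named/chroot", path, 25, {25})
        print(path, "->", found or "DAC is fine; look at SELinux (or other MAC) next")
```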
