BIND 9.3.1 chroot and channel logging (Correct perms set!)
Mark Andrews
Mark_Andrews at isc.org
Tue Sep 20 23:08:23 UTC 2005
>
> bubba_ry at verizon.net wrote:
> > I have an FC4 system running BIND 9.3.1 in a chroot'd environment
> > (/var/named/chroot). Everything works great as long I don't try to
> > split logging into different channels (i.e. default, update, transfer);
> > it all gets logged to /var/log/messages. All well and good, but I want
> > to be a little tidier...
>
> Try removing the "/usr/logs/named" and see what happens... and go from
> there.
First turn off SELinux's named support. If that gets things
working as I think it will you then need to look at what
configurables there are for SELinux and named.
> > If I configure bind to use channels as such:
> >
> > logging {
> > channel default_log {
> > file "/usr/logs/named/default.log" versions 7 size 50M;
> > severity info;
> > print-category yes;
> > print-severity yes;
> > print-time yes;
> > };
> >
> > category default { default_log; };
> >
> > };
> >
> > I get the following error in 'messages':
> >
> > Sep 19 15:47:27 dns3 named[1568]: isc_log_open
> > '/usr/logs/named/default.log' failed: permission denied
> >
> > I have checked and double-checked the directories in the chroot jail
> > and everything is kosher. I even opened the directories and files up
> > to the world (chmod 777) to no avail. What am I missing? I've looked
> > at the SELinux config and can't seem to find anything that might hinder
> > writing to the logs.
> >
> > TIA,
> >
> > ry
> >
> >
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list