<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-9">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Hello,</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
On a fresh install the SELinux context is '<span style="background-color:rgb(255, 255, 255);display:inline !important">var_t', and if I changed it to 'named_var_run_t' it works!</span></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
[root@ run]# ls -lZ
<div>total 0</div>
drwxrwx---. 2 named named system_u:object_r:var_t:s0 42 Jun 13 14:50 named<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
FYI:</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
I also tried to install the built-in named in RHEL-8, and their systemd unit file looks like this. They are also using 'pidfile'.</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<div>[Unit]</div>
<div>Description=Berkeley Internet Name Domain (DNS)</div>
<div>Wants=nss-lookup.target</div>
<div>Wants=named-setup-rndc.service</div>
<div>Before=nss-lookup.target</div>
<div>After=named-setup-rndc.service</div>
<div>After=network.target</div>
<div><br>
</div>
<div>[Service]</div>
<div>Type=forking</div>
<div>Environment=NAMEDCONF=/etc/named.conf</div>
<div>EnvironmentFile=-/etc/sysconfig/named</div>
<div>Environment=KRB5_KTNAME=/etc/named.keytab</div>
<div>PIDFile=/run/named/named.pid</div>
<div><br>
</div>
<div>ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi'</div>
<div>ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS</div>
<div>ExecReload=/bin/sh -c 'if /usr/sbin/rndc null > /dev/null 2>&1; then /usr/sbin/rndc reload; else /bin/kill -HUP $MAINPID; fi'</div>
<div><br>
</div>
<div>ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'</div>
<div><br>
</div>
<div>PrivateTmp=true</div>
<div><br>
</div>
<div>[Install]</div>
WantedBy=multi-user.target<br>
</div>
<div id="appendonsend"></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)" class="elementToProof">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)" class="elementToProof">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)" class="elementToProof">
Is anyone else using the ISC repo and having the same issue with the wrong SELinux context?</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)" class="elementToProof">
<br>
</div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> bind-users &lt;bind-users-bounces@lists.isc.org&gt; on behalf of Sandro &lt;lists@penguinpee.nl&gt;<br>
<b>Sent:</b> Friday, 10 June 2022 17.45<br>
<b>To:</b> bind-users@lists.isc.org &lt;bind-users@lists.isc.org&gt;<br>
<b>Subject:</b> Re: Unable to start Bind on a fresh RHEL 8.6 system with enforcing SELinux</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt">
<div class="PlainText">
On 10-06-2022 17:21, Reindl Harald wrote:<br>
<br>
My apologies if I offended you.<br>
<br>
> seriously - about what magic are you talking?<br>
> do you even know what a pidfile is?<br>
><br>
> it's a simple textfile where the process writes its PID<br>
> and PIDFile forces systemd to read that file and use the content as<br>
> "Main PID"<br>
<br>
Yes, I am aware of what a pidfile is.<br>
<br>
So, above would underline my analysis that systemd was not able to read<br>
the pidfile. Possible causes:<br>
<br>
1. Configuration issue: named did not write the pidfile to the file<br>
indicated in the unit file by PIDFile<br>
<br>
2. SELinux issue: named was not able to write the pidfile, because<br>
SELinux denied access.<br>
<br>
<br>
> the whole point of my responses was the upstream should reconsider to<br>
> use the option because it's proven to be useless no matter what some<br>
> outdated manpage says<br>
<br>
I cannot comment on the man page being up to date. But I already agreed<br>
with your point of view, that PIDFile in case of named has become obsolete.<br>
<br>
So, I think we are on the same page here.<br>
<br>
-- Sandro<br>
</div>
</span></font></div>
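<div>Added example (not part of the original messages, nor code from the ISC or RHEL packages): a POSIX shell check that pulls the SELinux type out of an <code>ls -lZ</code> line like the one quoted in the top message and compares it with named_var_run_t, the type the poster reports as working. The function names and the sample lines are constructed for illustration.</div>

```shell
#!/bin/sh
# Added example: check the SELinux type on named's runtime directory.
# EXPECTED_TYPE is the type the poster reported as working; the function
# names and the sample lines below are constructed for this illustration.
EXPECTED_TYPE="named_var_run_t"

# Print the SELinux type found in one line of `ls -lZ` / `ls -dZ` output.
# A context is user:role:type:level, so take the first field with at least
# four colon-separated parts whose third part ends in _t. Prints nothing
# when the line carries no context (SELinux disabled, "?" placeholder).
selinux_type_of_line() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if (split($i, c, ":") >= 4 && c[3] ~ /_t$/) { print c[3]; exit }
    }'
}

# Compare the label of path $1 (as shown in ls line $2) with EXPECTED_TYPE.
# Returns 0 on match, 1 on mismatch, 2 when no context could be parsed.
check_label() {
    actual=$(selinux_type_of_line "$2")
    if [ -z "$actual" ]; then
        echo "$1: no SELinux context in input"
        return 2
    fi
    if [ "$actual" = "$EXPECTED_TYPE" ]; then
        echo "$1: ok ($actual)"
        return 0
    fi
    echo "$1: type is $actual, expected $EXPECTED_TYPE"
    echo "  label the loaded policy assigns: matchpathcon $1"
    echo "  reapply the policy label:        restorecon -Rv $1"
    echo "  recent denials for named:        ausearch -m AVC -c named -ts recent"
    return 1
}

# Constructed sample: the line from the message, then the same line relabelled.
check_label /run/named \
  'drwxrwx---. 2 named named system_u:object_r:var_t:s0 42 Jun 13 14:50 named' || true
check_label /run/named \
  'drwxrwx---. 2 named named system_u:object_r:named_var_run_t:s0 42 Jun 13 14:50 named' || true
```

<div>On a live host, pass it the output of <code>ls -dZ /run/named</code> in place of the sample lines.</div>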
</body>
</html>