I'm getting these - is it something specific to my setup?
I'm up to date and policy rpm's are:

selinux-policy.noarch 3.9.16-32.fc15 @updates

selinux-policy-targeted.noarch 3.9.16-32.fc15 @updates


thanks for any advice.

gene
----------------------

SELinux is preventing /usr/sbin/named from add_name access on the
directory named.pid.

***** Plugin catchall_boolean (89.3 confidence) suggests
*******************

If you want to allow BIND to write the master zone files. Generally this
is used for dynamic DNS or zone transfers.
Then you must tell SELinux about this by enabling the
'named_write_master_zones' boolean.
Do
setsebool -P named_write_master_zones 1

***** Plugin catchall (11.6 confidence) suggests
***************************

If you believe that named should be allowed add_name access on the
named.pid directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep named /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp



--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

On 07/11/2011 07:44 AM, Genes MailLists wrote:
>


>
rerunning restorecon may fix the problem .. not sure how these got changed:

restorecon reset /var/named/chroot/var/run/named/named.pid context
system_ubject_r:named_zone_t:s0->system_ubject_r:named_var_run_t:s0

Sorry for noise ... presumably this will fix it.


--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux