[Pdns-users] SELinux with master & pdns fails
Kevin P. Fleming
lists.pdns-users at kevin.km6g.us
Sun Jul 30 10:57:43 UTC 2023
If by "the RPM" you are referring to the ones distributed by the PowerDNS team (on repo.powerdns.com) then no, it does not. It also doesn't include a profile for AppArmor.
It is possible that the PowerDNS team would accept a contribution of such profiles to be included in the packages, but the ongoing cost of supporting those could be high, and it may not be possible to have the same profiles operate properly across all of the RPM-based distributions.
On Sun, Jul 30, 2023, at 06:48, Victor Hugo dos Santos wrote:
> Hi
>
> The rpm should come with the correct selinux by default???
>
> Salu2
>
>
> On Sat, Jul 29, 2023, 17:27 Kevin P. Fleming via Pdns-users <pdns-users at mailman.powerdns.com> wrote:
>> __
>> There's nothing to 'fix' in pdns-auth. Its behavior is based on the functions it performs.
>>
>> If there is no SELinux policy for it, or there is one but it's not correct, then SELinux will interfere. The proper solution is to determine whether any of the actions that pdns-auth is taking are invalid. If they are invalid, those are bugs (but this is unlikely); if they are valid, the SELinux policy needs to permit them.
>>
>> On Sat, Jul 29, 2023, at 11:11, lejeczek via Pdns-users wrote:
>>> Hi guys.
>>>
>>> Setting master=yes - on Centos 9s - results in SE denials and 'pdns' fails to start.
>>> ...
>>> About to create 3 backend threads for UDP
>>> Exiting because communicator thread died with error: Resolver binding to local UDP socket on '0.0.0.0': Permission denied
>>> Started PowerDNS Authoritative Server.
>>> ...
>>>
>>> Would you know if there ia boolean I'm missing or perhaps pdns' end can be "fixed"?
>>> It'd be good not to have build dedicated se module for that.
>>>
>>> many thanks, L.
>>> _______________________________________________
>>> Pdns-users mailing list
>>> Pdns-users at mailman.powerdns.com
>>> https://mailman.powerdns.com/mailman/listinfo/pdns-users
>>>
>>
>> _______________________________________________
>> Pdns-users mailing list
>> Pdns-users at mailman.powerdns.com
>> https://mailman.powerdns.com/mailman/listinfo/pdns-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20230730/6d64aa4e/attachment-0001.htm>
More information about the Pdns-users
mailing list