Bug 155843 - not enabling named_write_master_zones
Summary: not enabling named_write_master_zones
Alias: None
Product: Fedora
Classification: Fedora
Component: system-config-securitylevel
Version: 4
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Chris Lumens
QA Contact:
Depends On:
Blocks: FC4Target
Reported: 2005-04-24 15:57 UTC by Gene Czarcinski
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2005-04-28 18:14:41 UTC


Description Gene Czarcinski 2005-04-24 15:57:54 UTC
Description of problem:

In order to support dynamic DNS updating by dhcpd, you need to enable (set to 1)
the variable named_write_master_zones in /etc/selinux/targeted/booleans.

The named startup script uses this variable (if set to 1) to change ownership of
/var/named/chroot/var/named so that named can write to that directory.

Although you can check and uncheck the box in system-config-securitylevel, it has
no effect on changing the variable in /etc/selinux/targeted/booleans.

Comment 1 Daniel Walsh 2005-04-28 15:12:05 UTC
Gene, it should be changing this in /etc/selinux/targeted/booleans.local?

Comment 2 Daniel Walsh 2005-04-28 15:14:08 UTC
I just tried it here and it worked.

more booleans.local

getsebool named_write_master_zones
named_write_master_zones --> active

Comment 3 Gene Czarcinski 2005-04-28 16:09:12 UTC
OK, booleans.local is a change (at least to me) because earlier versions (e.g.,
FC3) changed the value in /etc/selinux/targeted/booleans.

Now, named_write_master_zones is defined in both /etc/selinux/targeted/booleans
and /etc/selinux/targeted/booleans.local, but which takes precedence? If it is
set to "1" in booleans, will setting it to "0" in booleans.local be ignored? How
about the reverse?

Comment 4 Gene Czarcinski 2005-04-28 16:11:42 UTC
One additional point ... setting named_write_master_zones to 1 in booleans is
not recognized by system-config-securitylevel ... only settings in booleans.local.

Comment 5 Chris Lumens 2005-04-28 17:18:15 UTC
Yes, booleans.local takes precedence over whatever's defined in booleans.  Think
of it as the difference between global environment settings and per-user
environment settings.
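
The precedence rule from Comment 5 as a shell function, an added example that is not part of the original thread or of system-config-securitylevel: it looks a boolean up in booleans.local first and falls back to booleans. The `name=value` line format, the helper names `lookup` and `effective_bool`, and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: resolve the persistent setting of an SELinux boolean from
# the two files discussed in this bug. Assumed line format: name=value.

# lookup FILE NAME: print the last value assigned to NAME in FILE as 0 or 1.
# Returns non-zero if the file is unreadable, NAME is absent, or the value
# is not a recognised on/off token.
lookup() {
    [ -r "$1" ] || return 1
    awk -F= -v n="$2" '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t\r]/, "", val)
            if (key == n) { found = 1; last = tolower(val) }
        }
        END {
            if (!found) exit 1
            if (last == "1" || last == "true" || last == "on") print 1
            else if (last == "0" || last == "false" || last == "off") print 0
            else exit 2
        }' "$1"
}

# effective_bool NAME BASE LOCAL: print "<value> <source file>".
# booleans.local wins over booleans, as stated in Comment 5.
effective_bool() {
    if v=$(lookup "$3" "$1"); then
        echo "$v booleans.local"
    elif v=$(lookup "$2" "$1"); then
        echo "$v booleans"
    else
        echo "unset none"; return 1
    fi
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample contents, not taken from a real system.
    printf '%s\n' 'named_write_master_zones=0' 'httpd_enable_cgi=1' > "$d/booleans"
    printf '%s\n' 'named_write_master_zones=1' > "$d/booleans.local"
    for b in named_write_master_zones httpd_enable_cgi; do
        printf '%s -> %s\n' "$b" \
            "$(effective_bool "$b" "$d/booleans" "$d/booleans.local")"
    done
    rm -rf "$d"
}
demo
```

On a live system the result can be compared with the running value reported by `getsebool named_write_master_zones`, as in Comment 2.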

Comment 6 Gene Czarcinski 2005-04-28 18:14:41 UTC
Ok, I am satisfied that there is no bug and am closing this.

I was not aware of the booleans.local ... it might be a good idea to add
something about this to RELEASE-NOTES.
