You can disable SELinux protection for named entirely by setting the 'named_disable_trans=1' SELinux tunable boolean parameter.
The SELinux named policy defines these SELinux contexts for named: If you want to retain use of the SELinux policy for named, and put named files in different locations, you can do so by changing the context of the custom file locations.
By default, named is not allowed by the SELinux policy to write, create or delete any files EXCEPT in these directories: where $ROOTDIR may be set in /etc/sysconfig/named if bind-chroot is installed.
Specifically, problems are encountered with updating slave zone database files, creating DDNS journal files and updating master zones from journals.

# samba_upgradedns --dns-backend=BIND9_DLZ
Reading domain information
DNS accounts already exist
No zone file /usr/local/samba/private/dns/SAMDOM.
DNS records will be automatically created
DNS partitions already exist
dns-DC1 account already exists
See /usr/local/samba/private/for an example configuration include file for BIND
and /usr/local/samba/private/for further documentation required for secure DNS updates
Finished upgrading DNS

or other DNS lookup tools, the database hard links can get lost. This happens, for example, if you move the databases across mount points.

It also manifests itself as named being unable to create custom log files.

Red Hat Security Enhanced Linux (SELinux) policy security protections: Red Hat have adopted the National Security Agency's SELinux security policy (see ) and recommendations for BIND security, which are more secure than running named in a chroot and make use of the bind-chroot environment unnecessary.

Nov DC=FORESTDNSZONES, DC=SAMBA, DC=EXAMPLE, DC=17344372 -rw-rw---- 2 root named 421888 11.Nov
# ls -lai /usr/local/samba/private/dns/d/
17344368 -rw-rw---- 2 root named 4251648 11.

I'm running BIND on Red Hat Enterprise Linux or Fedora Core - Why can't named update slave zone database files? Why can't named create DDNS journal files or update the master zones from journals?

All changes made to a zone using dynamic update are stored in the zone's journal file. This file is automatically created by the server when the first dynamic update takes place.