Maintained by: NLnet Labs

[Unbound-users] Troubleshooting occasional "Permission denied" errors?

Tom Samplonius
Wed Jun 17 02:17:46 CEST 2015


> On Jun 16, 2015, at 3:44 AM, Jarno Huuskonen <jarno.huuskonen at uef.fi> wrote:
> 
> Hi,
> 
>> From: Tom Samplonius <tom at samplonius.org>
>>  I?m seeing some Permission denied errors in the log:
>> 
>> Jun 15 19:51:56 dns2 unbound: [18520:1] error: can't bind socket: Permission denied
>> Jun 15 20:02:03 dns2 unbound: [18520:1] error: can't bind socket: Permission denied
>> 
>> Unbound seems to be running normally, and appears to be answer all queries normally.  It is version 1.4.20 on CentOS 7.
> 
> Are you running with selinux enabled ?
> 
> Check selinux audit log (/var/log/audit/audit.log), denied ports might be
> logged there. Or try with something like this in unbound.conf:
> outgoing-port-avoid: 8953
> outgoing-port-avoid: 5546
> 
> (I think I got selinux denied for (at least) these two ports).


  Yes, I run SELinux in enforcing mode.  But audit.log has no rejections for anything.

  That is another reason why I suspect either a conflict with another process of an Unbound bug in 1.4.20


> -Jarno


Tom