Re: [chrony-users] question about chrony-DNS

[chuang213 <chuang213@xxxxxxxxx>]

Yes, this means the SELinux does not block the chronyd to access the network, but it does block the chronyd to use resolver(DNS service) to find server's IP addresses

On Thu, Mar 30, 2023 at 5:44 PM chengyechun <chengyechun1@xxxxxxxxxx> wrote:

Thank you for replying. After the IP address is replaced, the service is normal. Does this mean that the selinux does not restrict the chronyd process to access the server?

 

发件人: chuang213 [mailto:chuang213@xxxxxxxxx]
发送时间: 2023年3月31日 1:49
收件人: chrony-users@xxxxxxxxxxxxxxxxxxxx
主题: Re: [chrony-users] question about chrony-DNS

 

you could check if it is due to SELinux's access restrictions by replacing the server name with its IP address, then restart the chronyd to see if the issue is gone.

 

Frank

 

 

On Wed, Mar 29, 2023 at 6:07 PM chengyechun <chengyechun1@xxxxxxxxxx> wrote:

Thanks. Yes. The SELinux status is disable.

 

发件人: chuang213 [mailto:chuang213@xxxxxxxxx]
发送时间: 2023年3月30日 1:24
收件人: chrony-users@xxxxxxxxxxxxxxxxxxxx
主题: Re: [chrony-users] question about chrony-DNS

 

The link you mentioned had a resolution for this issue, did you ever try?

 

quoted from the link

" SELinux blocks resolver access from chronyd, simply disabling it allows you to test if this is the cause or add an exception. "

 

On Wed, Mar 29, 2023 at 2:04 AM chengyechun <chengyechun1@xxxxxxxxxx> wrote:

HI all:

I'm using chrony-3.2 on linux, and there's a problem similar to the problem in this link, but when I shut down selinux and manually start the chronyd service using the /usr/bin/chronyd command, it still doesn't synchronize properly. Did I miss something?

https://unix.stackexchange.com/questions/550423/chrony-sources-are-with-unknown-address