Thank you for replying. Is it a question that I express or a question that I understand? As mentioned earlier, the status of selinux is disable,
which means selinux is disabled. Even so, can it still work?
发件人: chuang213 [mailto:chuang213@xxxxxxxxx]
发送时间: 2023年3月31日
10:05
收件人: chrony-users@xxxxxxxxxxxxxxxxxxxx
主题: Re: [chrony-users] question about chrony-DNS
Yes, this means the SELinux does not block the chronyd to access the network, but it does block the chronyd to use resolver(DNS service) to find server's IP addresses
Thank you for replying. After the IP address is replaced, the service is normal. Does
this mean that the selinux does not restrict the chronyd process to access the server?
发件人:
chuang213 [mailto:chuang213@xxxxxxxxx]
发送时间: 2023年3月31日
1:49
收件人:
chrony-users@xxxxxxxxxxxxxxxxxxxx
主题: Re: [chrony-users] question about chrony-DNS
you could check if it is due to SELinux's access restrictions by replacing the server name with its IP address, then restart the chronyd to see if the issue is
gone.
Thanks. Yes. The SELinux status is disable.
发件人:
chuang213 [mailto:chuang213@xxxxxxxxx]
发送时间: 2023年3月30日
1:24
收件人:
chrony-users@xxxxxxxxxxxxxxxxxxxx
主题: Re: [chrony-users] question about chrony-DNS
The link you mentioned had a resolution for this issue, did you ever try?
" SELinux blocks resolver access from chronyd, simply disabling it allows you to test if this is the cause or add an exception. "
|