Thank you for replying. Is it a question that I express or a question that I understand? As mentioned earlier, the status of selinux is disable, which means selinux is disabled. Even so, can it still work?
发件人: chuang213 [mailto:chuang...@gmail.com] 发送时间: 2023年3月31日 10:05 收件人: chrony-users@chrony.tuxfamily.org 主题: Re: [chrony-users] question about chrony-DNS Yes, this means the SELinux does not block the chronyd to access the network, but it does block the chronyd to use resolver(DNS service) to find server's IP addresses On Thu, Mar 30, 2023 at 5:44 PM chengyechun <chengyech...@huawei.com<mailto:chengyech...@huawei.com>> wrote: Thank you for replying. After the IP address is replaced, the service is normal. Does this mean that the selinux does not restrict the chronyd process to access the server? 发件人: chuang213 [mailto:chuang...@gmail.com<mailto:chuang...@gmail.com>] 发送时间: 2023年3月31日 1:49 收件人: chrony-users@chrony.tuxfamily.org<mailto:chrony-users@chrony.tuxfamily.org> 主题: Re: [chrony-users] question about chrony-DNS you could check if it is due to SELinux's access restrictions by replacing the server name with its IP address, then restart the chronyd to see if the issue is gone. Frank On Wed, Mar 29, 2023 at 6:07 PM chengyechun <chengyech...@huawei.com<mailto:chengyech...@huawei.com>> wrote: Thanks. Yes. The SELinux status is disable. 发件人: chuang213 [mailto:chuang...@gmail.com<mailto:chuang...@gmail.com>] 发送时间: 2023年3月30日 1:24 收件人: chrony-users@chrony.tuxfamily.org<mailto:chrony-users@chrony.tuxfamily.org> 主题: Re: [chrony-users] question about chrony-DNS The link you mentioned had a resolution for this issue, did you ever try? quoted from the link " SELinux blocks resolver access from chronyd, simply disabling it allows you to test if this is the cause or add an exception. " On Wed, Mar 29, 2023 at 2:04 AM chengyechun <chengyech...@huawei.com<mailto:chengyech...@huawei.com>> wrote: HI all: I'm using chrony-3.2 on linux, and there's a problem similar to the problem in this link, but when I shut down selinux and manually start the chronyd service using the /usr/bin/chronyd command, it still doesn't synchronize properly. Did I miss something? https://unix.stackexchange.com/questions/550423/chrony-sources-are-with-unknown-address
