[CentOS] repost: SELinux questions, upon restarting BIND

Craig White craig at tobyhouse.com
Fri Aug 17 16:13:43 UTC 2007


I am hesitant to offer suggestions for RHELv5 selinux since I haven't
spent any time playing with it but would definitely recommend that you
join the selinux list...

https://www.redhat.com/mailman/listinfo/fedora-selinux-list

where you will get definitive and correct answers to selinux issues.

Craig

On Fri, 2007-08-17 at 09:16 -0400, Ray Leventhal wrote:
> As this remains an issue for me, I'm reposting.  Please forgive the redundancy, but I've been unable to find the answer and am hoping for some guidance.
> 
> Thanks in advance,
> ~Ray
> 
> ==========Original Posts follow==========
> (full output is in the original thread)
> 
> Ray Leventhal wrote:
> 
> > > Hi all,
> > >
> > > On my newly up-and-running nameserver (CentOS 5), I noticed the
> > > following alerts in /var/log/messages after restarting BIND.  (lines
> > > inserted to aid in reading).
> > > As I'm new to SELinux, I'm hoping for some pointers on 1) if this is an
> > > issue which simply *must* be addressed, or if it's something I should
> > > live with, and 2) how to eliminate the warning messages without
> > > sacrificing SELinux protections.  The system does not have X installed,
> > > so 'setroubleshoot' isn't an option (unless there's a text equivalent).
> > >
> > > Thanks in advance for any opinions/suggestions/enlightenments  :) 
> > >
> > > ~Ray
> > >
> > > =============================================
> > > Aug 16 07:12:23 sunspot setroubleshoot:      SELinux is preventing
> > > /usr/sbin/named (named_t) "getattr" access to /dev/random
> > > (tmpfs_t).      For complete SELinux messages. run sealert -l
> > > 1ab129b8-9f9f-48ae-a67e-d52f63a5fb5a
> > > =============================================
> > > Aug 16 07:12:23 sunspot setroubleshoot:      SELinux is preventing
> > > /usr/sbin/named (named_t) "read" access to random (tmpfs_t).      For
> > > complete SELinux messages. run sealert -l
> > > b7014747-0d8d-443e-8b9a-af868976452d
> > > =============================================
> > >   
> >   
> <big output snip>
> Update:
> 
> A bit of searching found a thread which pointed here:
> http://www.webservertalk.com/message1323968.html
> 
> This is a talk about Bind 9.x on RHEL4, but I think it applies to C5 as
> well as the issue is SELinux and chrooted BIND implementations.
> 
> Problem is, I'm still not sure what should be done.  I'd rather not
> disable SELinux protection  by doing this:
> 
> setsebool -P named_disable_trans=1
> 
> ...but the instructions for alerting SELinux to the chrooted file locations are a bit short of my (inexperienced) needs.
> 
> Any help would be greatly appreciated.  
> 
> @Moderator: if this is truly off-topic, my apologies.  Please let me know and I will post to an SELinux list.
> 
> TIA,
> ~Ray
> 
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 
-- 
Craig White <craig at tobyhouse.com>
