[CentOS] SELinux Question
Daniel J Walsh
dwalsh at redhat.com
Tue Jul 23 13:22:03 UTC 2013
On 07/23/2013 07:15 AM, Ken Smith wrote:
>
> James Hogarth wrote:
>> On 23 Jul 2013 07:42, "Ken Smith"<kens at kensnet.org> wrote:
>>
>>>>
>>> For some reason auditd wasn't running or enabled. I'm now seeing the
>>> messages I needed in /var/log/messages. I'm running bind chrooted and
>>> various other tweaks mean I need to set SELinux accordingly.
>>>
>>>
>> Bind chroot via the standard chroot package should just work with
>> selinux...
>>
>> Be careful that you don't just follow the audit.log blindly (eg
>> audit2allow -aM) but think through each bit carefully...
>>
>> I'd suggest starting for each exception with "is this already covered by
>> a boolean" and then double checking your file contexts before even
>> considering an additional custom module.
>>
>>
> For some reason SELinux was blocking the updates to the zone files that are
> the result of DHCP leases being issued. Fixed now. Also I run MailScanner
> and the SELinux context needed corrected on mqueue.in, in addition to
> allowing SSH to operate on the non-standard port I've set it to.
>
> Thanks
>
> Ken
>
named_write_master_zones boolean?
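The triage order suggested in the thread above (check for a boolean first, then the file contexts, and only then consider a custom module), sketched as an added example that is not part of the original messages. The AVC records are constructed, and the port-label check for the non-standard SSH port is an assumption added here.

```python
import re

# Constructed AVC records (not from the thread), modelled on the three problems
# mentioned in it; the types in the second record are illustrative only.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1374585601.101:310): avc:  denied  { write } for  pid=2101 comm="named" name="example.zone" dev=dm-0 ino=1001 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=file
type=AVC msg=audit(1374585602.202:311): avc:  denied  { read } for  pid=2202 comm="sendmail" name="mqueue.in" dev=dm-0 ino=1002 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
type=AVC msg=audit(1374585603.303:312): avc:  denied  { name_bind } for  pid=2303 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
"""

FILE_CLASSES = {"file", "dir", "lnk_file", "sock_file", "fifo_file"}
PORT_PERMS = {"name_bind", "name_connect"}


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other records."""
    denied = re.search(r"avc:\s+denied\s+\{([^}]*)\}", line)
    if not denied:
        return None
    rec = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}
    rec["perms"] = denied.group(1).split()
    # A context is user:role:type[:level]; policy rules match on the type.
    rec["source_type"] = rec["scontext"].split(":")[2]
    rec["target_type"] = rec["tcontext"].split(":")[2]
    return rec


def triage(rec):
    """Ordered (check, command) pairs: boolean, then labelling, then a module."""
    steps = [("boolean", "ausearch -m avc -c %s | audit2why" % rec["comm"])]
    if PORT_PERMS & set(rec["perms"]):
        port = rec.get("src") or rec.get("dest")
        steps.append(("port_label", "semanage port -l | grep -w %s" % port))
    elif rec["tclass"] in FILE_CLASSES:
        target = rec.get("name", "target")
        steps.append(("file_context", "restorecon -nv <path to %s>" % target))
    steps.append(("custom_module", "only after reading each rule audit2allow proposes"))
    return steps


if __name__ == "__main__":
    for line in SAMPLE_AUDIT_LOG.splitlines():
        rec = parse_avc(line)
        if rec:
            print("%s -> %s { %s } %s" % (rec["source_type"], rec["target_type"],
                                          " ".join(rec["perms"]), rec["tclass"]))
            for check, command in triage(rec):
                print("   %-14s %s" % (check, command))
```

`restorecon -nv` only reports what it would relabel, so the file-context check changes nothing until the `-n` is dropped.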