James Hogarth wrote:
On 23 Jul 2013 07:42, "Ken Smith" <kens@kensnet.org> wrote:
For some reason auditd wasn't running or enabled. I'm now seeing the messages I needed in /var/log/messages. I'm running bind chrooted and various other tweaks mean I need to set SELinux accordingly.
Bind chroot via the standard chroot package should just work with SELinux...
Be careful that you don't just follow the audit.log blindly (e.g. audit2allow -aM) but think through each bit carefully...
I'd suggest starting for each exception with "is this already covered by a boolean" and then double checking your file contexts before even considering an additional custom module.
For some reason SELinux was blocking the updates to the zone files that are the result of DHCP leases being issued. Fixed now. Also I run MailScanner and the SELinux context needed corrected on mqueue.in, in addition to allowing SSH to operate on the non-standard port I've set it to.
Thanks
Ken
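
The review order suggested in the quoted advice (boolean first, then file or port labeling, custom module last), as an added example that is not part of the original thread. The audit records are constructed samples, and `<path>` and `<port>` are placeholders to fill in per denial.

```python
import re
from collections import Counter

# Constructed audit.log records for illustration; not taken from the thread.
SAMPLE_LOG = '''\
type=AVC msg=audit(1374561720.101:412): avc:  denied  { write } for  pid=2101 comm="named" name="example.db" dev=dm-0 ino=1311 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=file
type=AVC msg=audit(1374561725.332:413): avc:  denied  { write } for  pid=2101 comm="named" name="example.db" dev=dm-0 ino=1311 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=file
type=AVC msg=audit(1374561790.007:420): avc:  denied  { name_bind } for  pid=2250 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1374561801.440:431): avc:  denied  { read } for  pid=2300 comm="sendmail" name="mqueue.in" dev=dm-0 ino=2411 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
'''

AVC = re.compile(r'avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?comm="(?P<comm>[^"]+)"'
                 r'.*?scontext=(?P<s>\S+) tcontext=(?P<t>\S+) tclass=(?P<cls>\S+)')
GENERIC = {"default_t", "file_t", "unlabeled_t"}  # labels that usually mean a mislabeled file
FILE_CLASSES = {"file", "dir", "lnk_file", "sock_file"}

def parse(log):
    """Collapse repeated denials into unique (comm, domain, target type, class, perms) keys."""
    seen = Counter()
    for line in log.splitlines():
        m = AVC.search(line)
        if m:
            # The SELinux type is the third colon-separated field of a context.
            seen[(m["comm"], m["s"].split(":")[2], m["t"].split(":")[2],
                  m["cls"], m["perms"].strip())] += 1
    return seen

def checks(key):
    """Ordered review steps for one denial: boolean, then labeling, module last."""
    comm, domain, ttype, cls, perms = key
    steps = [f"boolean: ausearch -m avc -c {comm} | audit2why; "
             f"getsebool -a | grep {domain[:-2]}"]
    if cls in FILE_CLASSES:
        hint = " (generic label, likely mislabeled)" if ttype in GENERIC else ""
        steps.append(f"context{hint}: ls -Zd <path>; restorecon -nRv <path>")
    elif cls.endswith("_socket"):
        steps.append("context: semanage port -l | grep <port>")
    steps.append("module: only if both checks above come up empty")
    return steps

def report(log):
    """Map each unique denial to (occurrence count, ordered review steps)."""
    return {key: (count, checks(key)) for key, count in parse(log).items()}

if __name__ == "__main__":
    for key, (count, steps) in report(SAMPLE_LOG).items():
        print(f"{count}x {key}")
        for step in steps:
            print("   ", step)
```

Every command it prints is read-only (`restorecon -n` only reports what it would relabel), so the output can be worked through on a live host before anything is changed.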