[CentOS] SELinux questions, upon restarting BIND

Thu Aug 16 18:28:20 UTC 2007
Ray Leventhal <centos at swhi.net>

Ray Leventhal wrote:
> Hi all,
>
> On my newly up-and-running nameserver (CentOS 5), I noticed the
> following alerts in /var/log/messages after restarting BIND.  (lines
> inserted to aid in reading).
> As I'm new to SELinux, I'm hoping for some pointers on 1) if this is an
> issue which simply *must* be addressed, or if it's something I should
> live with, and 2) how to eliminate the warning messages without
> sacrificing SELinux protections.  The system does not have X installed,
> so 'setroubleshoot' isn't an option (unless there's a text equivalent).
>
> Thanks in advance for any opinions/suggestions/enlightenments :)
>
> ~Ray
>
> =============================================
> Aug 16 07:12:23 sunspot setroubleshoot:      SELinux is preventing
> /usr/sbin/named (named_t) "getattr" access to /dev/random
> (tmpfs_t).      For complete SELinux messages. run sealert -l
> 1ab129b8-9f9f-48ae-a67e-d52f63a5fb5a
> =============================================
> Aug 16 07:12:23 sunspot setroubleshoot:      SELinux is preventing
> /usr/sbin/named (named_t) "read" access to random (tmpfs_t).      For
> complete SELinux messages. run sealert -l
> b7014747-0d8d-443e-8b9a-af868976452d
> =============================================
>   
<big output snip>
Update:

A bit of searching found a thread which pointed here:
http://www.webservertalk.com/message1323968.html

This is a talk about Bind 9.x on RHEL4, but I think it applies to C5 as
well as the issue is SELinux and chrooted BIND implementations.

Problem is, I'm still not sure what should be done.  I'd rather not
disable SELinux protection by doing this:

setsebool -P named_disable_trans=1

...but the instructions for alerting SELinux to the chrooted file locations are a bit short of my (inexperienced) needs.

Any help would be greatly appreciated.  

@Moderator: if this is truly off-topic, my apologies.  Please let me know and I will post to an SELinux list.

TIA,
~Ray
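As an added example (not code from Ray's post or from the list), a small POSIX sh triage script that reads setroubleshoot lines like the ones quoted above, works out which file inside the bind-chroot tree carries the wrong label and prints a restorecon command, so named keeps running confined as named_t instead of using named_disable_trans. It assumes the CentOS 5 default chroot prefix /var/named/chroot, that the loaded policy defines file contexts for the chroot's device nodes (check the "policy type" it reports via matchpathcon before trusting restorecon), and that a bare target name such as "random" refers to the same /dev node as the first message.

```shell
#!/bin/sh
# Added example, not code from the thread: turn setroubleshoot lines into a
# relabel suggestion rather than disabling the named_t domain transition.
CHROOT=/var/named/chroot   # assumption: CentOS 5 bind-chroot default prefix

# Constructed sample: the two lines quoted in the message, whitespace collapsed.
SAMPLE='Aug 16 07:12:23 sunspot setroubleshoot: SELinux is preventing /usr/sbin/named (named_t) "getattr" access to /dev/random (tmpfs_t).
Aug 16 07:12:23 sunspot setroubleshoot: SELinux is preventing /usr/sbin/named (named_t) "read" access to random (tmpfs_t).'

# parse_denial LINE -> "source_type access target target_type" (empty if no match)
parse_denial() {
    printf '%s\n' "$1" | sed -n \
      's/.*SELinux is preventing [^ ]* (\([a-z_]*\)) "\([a-z_]*\)" access to \([^ ]*\) (\([a-z_]*\)).*/\1 \2 \3 \4/p'
}

# chroot_path TARGET -> where the object lives on the host. named reports the
# path as it sees it inside the chroot ("/dev/random"); a bare name such as
# "random" is assumed (see lead-in) to be the same device node.
chroot_path() {
    case "$1" in
        /*) printf '%s%s\n' "$CHROOT" "$1" ;;
        *)  printf '%s/dev/%s\n' "$CHROOT" "$1" ;;
    esac
}

# expected_type PATH -> type the loaded policy assigns to PATH, or "unknown"
# when matchpathcon is not installed on this box.
expected_type() {
    if command -v matchpathcon >/dev/null 2>&1; then
        matchpathcon -n "$1" | cut -d: -f3
    else
        echo unknown
    fi
}

# remediation LINE -> one-line diagnosis plus the restorecon command to run;
# returns 1 for lines that are not SELinux denials.
remediation() {
    set -- $(parse_denial "$1")
    [ $# -eq 4 ] || return 1
    path=$(chroot_path "$3")
    printf '%s: %s denied "%s"; current type %s, policy type %s -> restorecon -v %s\n' \
        "$path" "$1" "$2" "$4" "$(expected_type "$path")" "$path"
}

# Walk the constructed sample; on a real host feed it
# "grep setroubleshoot /var/log/messages" instead.
printf '%s\n' "$SAMPLE" | while IFS= read -r line; do
    remediation "$line" || echo "not a denial: $line"
done
```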