[CentOS] Re: DNS Logging with Selinux enabled
Robert Nichols
rnicholsNOSPAM at comcast.net
Fri Sep 12 18:56:16 UTC 2008
Josh Donovan wrote:
> Robert Nichols wrote:
>> When I asked about a similar problem a while back, the
>> SELinux folks
>> told me that bind-chroot was not supported under SELinux
>> because
>> SELinux already provides better protection.
>>
>
> That is wrong. Every release of Fedora comes out and people ask how to configure bind to work in a chroot with selinux enabled. As Fedora is a
> testbed for upstream, we should have these things ironed out. Possibly having a separate SELinux/Docs mailing list means they may not be aware of what is going on in the mainstream.
>
> Some of the old Fedora Docs are informative. Even a work in progress like
> http://fedoraproject.org/wiki/Docs/Drafts/AdministrationGuide/Servers/DNSBIND/BINDChroot
>
> shows bind-chroot can work with SELinux
"Can work," yes. "Does upstream care that it doesn't install and work
cleanly," no. That's the word I got from "upstream" (fedora-selinux-list).
--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.
More information about the CentOS
mailing list