[CentOS] DNS Logging with Selinux enabled

Wed Sep 10 09:11:25 UTC 2008
Josh Donovan <josh.dvan at yahoo.co.uk>

I rebuilt my server and setup bind to log queries in a chroot. 


################################################################################
# Logging Configuration
#
logging {
    #
    # Define channels for the two log files
    #
    channel query_log {
        severity info;
        print-time yes;
	file "/var/log/query.log" versions 3 size 100M;
    };
    channel activity_log {
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
	file "/var/log/activity.log" versions 3 size 100M;


Below is the security context of the files in the chroot.


[root at josh log]# ls -alZ /var/named/chroot/var/log/activity.log
-rw-r--r--  named    named    root:object_r:named_conf_t       /var/named/chroot/var/log/activity.log

[root at josh log]# ls -alZ /var/named/chroot/var/log/query.log
-rw-r--r--  named    named    root:object_r:named_conf_t       /var/named/chroot/var/log/query.log

I temporarily disabled selinux but there was one simple step I missed (forgot since i did this years ago). I briefly recall creating a 
symlink and/or using chcon or one of the selinux commands.

Thanks,
Josh