[CentOS] Re: DNS Logging with Selinux enabled

Fri Sep 12 13:23:13 UTC 2008
Robert Nichols <rnicholsNOSPAM at comcast.net>

Josh Donovan wrote:
> --- On Thu, 11/9/08, Ralph Angenendt <ra+centos at br-online.de> wrote:
>> From: Ralph Angenendt <ra+centos at br-online.de>
>> Subject: Re: [CentOS] DNS Logging with Selinux enabled
>> To: "CentOS mailing list" <centos at centos.org>
>> Date: Thursday, 11 September, 2008, 5:48 PM
>> That doesn't matter. For the normal targeted policy
>> only the last part of 
>> the policy listing is important (named_log_t in this case).
>> Cheers,
>> Ralph
>> PS: Please trim your mails
> That did it. Its a wonder how upstream never fix these issues, 
> considering the average admin would like to log dns queries
> in a chroot. As for trimming the mail its a while since I was
> on the mailing list, but I remembered not to top post. :-)

When I asked about a similar problem a while back, the SELinux folks
told me that bind-chroot was not supported under SELinux because
SELinux already provides better protection.

Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.