[CentOS] Re: DNS Logging with Selinux enabled

Fri Sep 12 14:35:19 UTC 2008
Josh Donovan <josh.dvan at yahoo.co.uk>

Robert Nichols wrote:
> When I asked about a similar problem a while back, the
> SELinux folks
> told me that bind-chroot was not supported under SELinux
> because
> SELinux already provides better protection.
> 

That is wrong. Every release of Fedora comes out and people ask how to configure bind to work in a chroot with selinux enabled. As Fedora is a
testbed for upstream, we should have these things ironed out. Possibly having a separate SELinux/Docs mailing list means they may not be aware of what is going on in the mainstream. 

Some of the old Fedora Docs are informative. Even a work in progress like
http://fedoraproject.org/wiki/Docs/Drafts/AdministrationGuide/Servers/DNSBIND/BINDChroot

shows bind-chroot can work with SELinux