[CentOS] Re: DNS Logging with Selinux enabled

Fri Sep 12 18:56:16 UTC 2008
Robert Nichols <rnicholsNOSPAM at comcast.net>

Josh Donovan wrote:
> Robert Nichols wrote:
>> When I asked about a similar problem a while back, the SELinux folks
>> told me that bind-chroot was not supported under SELinux because
>> SELinux already provides better protection.
>>
> 
> That is wrong. Every release of Fedora comes out and people ask how to
> configure bind to work in a chroot with SELinux enabled. As Fedora is a
> testbed for upstream, we should have these things ironed out. Possibly
> having a separate SELinux/Docs mailing list means they may not be aware
> of what is going on in the mainstream.
> 
> Some of the old Fedora Docs are informative. Even a work in progress like
> http://fedoraproject.org/wiki/Docs/Drafts/AdministrationGuide/Servers/DNSBIND/BINDChroot
> 
> shows bind-chroot can work with SELinux.

"Can work," yes.  "Does upstream care that it doesn't install and work
cleanly," no.  That's the word I got from "upstream" (fedora-selinux-list).

-- 
Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.