Josh Donovan wrote: > Robert Nichols wrote: >> When I asked about a similar problem a while back, the >> SELinux folks >> told me that bind-chroot was not supported under SELinux >> because >> SELinux already provides better protection. >> > > That is wrong. Every release of Fedora comes out and people ask how to configure bind to work in a chroot with selinux enabled. As Fedora is a > testbed for upstream, we should have these things ironed out. Possibly having a separate SELinux/Docs mailing list means they may not be aware of what is going on in the mainstream. > > Some of the old Fedora Docs are informative. Even a work in progress like > http://fedoraproject.org/wiki/Docs/Drafts/AdministrationGuide/Servers/DNSBIND/BINDChroot > > shows bind-chroot can work with SELinux "Can work," yes. "Does upstream care that it doesn't install and work cleanly," no. That's the word I got from "upstream" (fedora-selinux-list). -- Bob Nichols "NOSPAM" is really part of my email address. Do NOT delete it.