On Friday 12 September 2008 14:56, Robert Nichols wrote:
> Josh Donovan wrote:
> > Robert Nichols wrote:
> >> When I asked about a similar problem a while back, the SELinux folks
> >> told me that bind-chroot was not supported under SELinux because
> >> SELinux already provides better protection.
> >
> > That is wrong. Every release of Fedora comes out and people ask how to
> > configure bind to work in a chroot with selinux enabled. As Fedora is a
> > testbed for upstream, we should have these things ironed out. Possibly
> > having a separate SELinux/Docs mailing list means they may not be aware
> > of what is going on in the mainstream.
> >
> > Some of the old Fedora Docs are informative. Even a work in progress
> > like
> > http://fedoraproject.org/wiki/Docs/Drafts/AdministrationGuide/Servers/DNSBIND/BINDChroot
> >
> > shows bind-chroot can work with SELinux
>
> "Can work," yes. "Does upstream care that it doesn't install and work
> cleanly," no. That's the word I got from "upstream"
> (fedora-selinux-list).

bind-chroot works fine. The question is not if it works but if you are
configuring it to work in that environment.

With SELinux running and bind in a chroot environment, it is allowed to write
to slave/ and data/ (this is going from memory, I haven't had to set up
bind-chroot in some time). As long as you set up your logging to data/, it will
log everything and not complain. Only when you set up a custom server do you
have issues.

--
Regards
Robert

It is not just an adventure. It is my job!!
Linux User #296285
http://counter.li.org
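
The following is an added example, not part of the original message or of any Fedora tooling: a small check that lists the files named would write (logging channels and slave zone files) that fall outside the data/ and slave/ directories mentioned above. The function names, the /var/named working directory and the sample named.conf are assumptions constructed for illustration.

```python
import posixpath
import re

ALLOWED_DIRS = ("data", "slave")  # directories the message says named may write to
WORKDIR = "/var/named"            # assumption: named's `directory` inside the chroot

# Constructed sample named.conf, not taken from the thread.
SAMPLE_CONF = '''
options { directory "/var/named"; };
logging {
    channel default_debug { file "data/named.run"; severity dynamic; };
    channel queries { file "/var/log/named-queries.log" versions 3 size 5m; };
};
zone "example.com" IN { type master; file "example.com.zone"; };
zone "example.net" IN { type slave; masters { 192.0.2.1; }; file "example.net.zone"; };
zone "example.org" IN { type slave; masters { 192.0.2.1; }; file "slave/example.org.zone"; };
'''

def strip_comments(text):
    """Drop /* */, // and # comments (comment markers inside quoted strings are not handled)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def blocks(text, keyword):
    """Yield the body of each `keyword ... { ... }` statement, found by brace matching."""
    for m in re.finditer(r"(?m)^\s*%s\b[^{;]*\{" % keyword, text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def unwritable_targets(conf_text):
    """Return sorted (kind, path) pairs for files named writes outside data/ and slave/."""
    text = strip_comments(conf_text)
    file_re = re.compile(r'\bfile\s+"([^"]+)"')
    targets = [("log", p) for b in blocks(text, "logging") for p in file_re.findall(b)]
    for body in blocks(text, "zone"):
        if re.search(r"\btype\s+slave\b", body):  # master zone files are normally only read
            targets += [("slave-zone", p) for p in file_re.findall(body)]
    bad = []
    for kind, path in targets:
        full = posixpath.normpath(posixpath.join(WORKDIR, path))
        if posixpath.relpath(full, WORKDIR).split("/")[0] not in ALLOWED_DIRS:
            bad.append((kind, path))
    return sorted(bad)

if __name__ == "__main__":
    for kind, path in unwritable_targets(SAMPLE_CONF):
        print(f"{kind}: {path} is outside data/ and slave/")
```

Anything it reports is a path the stock policy would be expected to deny under the description above; moving the file under data/ or slave/ is the fix the message suggests.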