[CentOS] SELinux Question

Tue Jul 23 11:15:17 UTC 2013
Ken Smith <kens at kensnet.org>

James Hogarth wrote:
> On 23 Jul 2013 07:42, "Ken Smith"<kens at kensnet.org>  wrote:
>    
>>>        
>> For some reason auditd wasn't running or enabled. I'm now seeing the
>> messages I needed in /var/log/messages. I'm running bind chrooted and
>> various other tweeks mean I need to set SELinux accordingly.
>>
>>      
> Bind chroot via the standard chroot package should just with with selinux...
>
> Be careful that you don't just follow the audit.log blindly (eg audit2allow
> -aM) but think through each but carefully...
>
> I'd suggest starting for each exception with "is this already covered by a
> boolean" and then double checking your file contexts before even
> considering an additional custom module.
>
>    
For some reason SELinux was blocking the updates to the zone files that 
are the result of DHCP leases being issued. Fixed now. Also I run 
MailScanner and the SELinux context needed corrected on mqueue.in, in 
addition to allowing SSH to operate on the non-standard port I've set it 
to.

Thanks

Ken

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.