James Hogarth wrote:
> On 23 Jul 2013 07:42, "Ken Smith" <kens at kensnet.org> wrote:
>
>> For some reason auditd wasn't running or enabled. I'm now seeing the
>> messages I needed in /var/log/messages. I'm running bind chrooted and
>> various other tweaks mean I need to set SELinux accordingly.
>
> Bind chroot via the standard chroot package should just work with selinux...
>
> Be careful that you don't just follow the audit.log blindly (eg audit2allow
> -aM) but think through each bit carefully...
>
> I'd suggest starting for each exception with "is this already covered by a
> boolean" and then double checking your file contexts before even
> considering an additional custom module.

For some reason SELinux was blocking the updates to the zone files that are the result of DHCP leases being issued. Fixed now. Also I run MailScanner and the SELinux context needed corrected on mqueue.in, in addition to allowing SSH to operate on the non-standard port I've set it to.

Thanks

Ken
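
Added example, not part of the thread: a Python script for the per-denial review suggested in the quoted reply. It groups AVC records by source type, target type and class so that each distinct denial can be checked against booleans and file contexts before a custom module is considered. The log lines are constructed samples, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records in audit.log AVC format (not taken from the thread).
SAMPLE_LOG = '''\
type=AVC msg=audit(1374561720.101:410): avc:  denied  { write } for  pid=2101 comm="named" name="example.zone" dev="dm-0" ino=1311 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=file
type=AVC msg=audit(1374561725.300:411): avc:  denied  { write } for  pid=2101 comm="named" name="example.zone.jnl" dev="dm-0" ino=1312 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=file
type=AVC msg=audit(1374561800.007:420): avc:  denied  { name_bind } for  pid=3050 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1374561800.007:420): arch=c000003e syscall=49 success=no exit=-13
'''

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?comm="(?P<comm>[^"]*)"'
    r'.*?scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\w+)')
FILE_CLASSES = {"file", "dir", "lnk_file", "sock_file", "fifo_file"}

def context_type(context):
    # A context is user:role:type[:level]; the level may itself contain colons.
    return context.split(":")[2]

def summarize(log_text):
    """Collapse AVC denials into one entry per (source type, target type, class)."""
    groups = defaultdict(lambda: {"perms": set(), "comms": set(), "count": 0})
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # skip SYSCALL and other record types
        m = AVC_RE.search(line)
        if not m:
            continue
        key = (context_type(m["scon"]), context_type(m["tcon"]), m["tclass"])
        groups[key]["perms"].update(m["perms"].split())
        groups[key]["comms"].add(m["comm"])
        groups[key]["count"] += 1
    return dict(groups)

def review_order(tclass):
    """Order of checks from the reply: boolean, file context, then custom module."""
    steps = ["boolean"]
    if tclass in FILE_CLASSES:  # file-context checks only apply to filesystem objects
        steps.append("file context")
    steps.append("custom module")
    return steps

if __name__ == "__main__":
    for (src, tgt, cls), g in summarize(SAMPLE_LOG).items():
        print(f"{src} -> {tgt}:{cls} {sorted(g['perms'])} x{g['count']}: "
              f"check {', then '.join(review_order(cls))}")
```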