[CentOS] SELinux Question

Ken Smith kens at kensnet.org
Tue Jul 23 11:15:17 UTC 2013


James Hogarth wrote:
> On 23 Jul 2013 07:42, "Ken Smith"<kens at kensnet.org>  wrote:
>> For some reason auditd wasn't running or enabled. I'm now seeing the
>> messages I needed in /var/log/messages. I'm running bind chrooted and
>> various other tweaks mean I need to set SELinux accordingly.
>>
> Bind chroot via the standard chroot package should just work with selinux...
>
> Be careful that you don't just follow the audit.log blindly (eg audit2allow
> -aM) but think through each bit carefully...
>
> I'd suggest starting for each exception with "is this already covered by a
> boolean" and then double checking your file contexts before even
> considering an additional custom module.
>
For some reason SELinux was blocking the updates to the zone files that 
are the result of DHCP leases being issued. Fixed now. Also I run 
MailScanner and the SELinux context needed corrected on mqueue.in, in 
addition to allowing SSH to operate on the non-standard port I've set it 
to.

Thanks

Ken
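
The review order suggested in the quoted advice (existing boolean first, then file contexts, and only then a custom module) can be supported by grouping the denials before touching policy. The script below is an added example, not part of the original thread; the function names, the "check" labels and the sample log lines (including port 2222) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): summarise AVC denials for manual review.
# Input:  audit log lines on stdin, e.g. avc_triage < /var/log/audit/audit.log
# Output: "<count> <source_type> <target_type> <class> <perms> <check>", sorted.
avc_triage() {
  awk '
    function val(key,   i, n) {            # value of key=... in this record
      n = length(key) + 1
      for (i = 1; i <= NF; i++)
        if (substr($i, 1, n) == key "=") return substr($i, n + 1)
      return "?"
    }
    function seltype(ctx,   p) {           # user:role:TYPE:level -> TYPE
      split(ctx, p, ":"); return (p[3] == "" ? "?" : p[3])
    }
    /avc: +denied/ {
      perms = $0
      sub(/^.*[{] */, "", perms); sub(/ *[}].*$/, "", perms)
      gsub(/ +/, ",", perms)
      cls = val("tclass")
      # What to look at after ruling out an existing boolean (getsebool -a):
      check = "review"
      if (perms ~ /name_bind|name_connect/)   check = "port-label"    # semanage port -l
      else if (cls ~ /^(file|dir|lnk_file)$/) check = "file-context"  # ls -Z, restorecon -nv
      seen[seltype(val("scontext")) " " seltype(val("tcontext")) " " cls " " perms " " check]++
    }
    END { for (k in seen) print seen[k], k }
  ' | sort -k2
}

# Constructed sample lines (pids, inodes, file names and port 2222 are made up).
sample_avc() {
  cat <<'EOF'
type=AVC msg=audit(1374570000.101:201): avc:  denied  { write } for  pid=1201 comm="named" name="example.zone" dev=dm-0 ino=4001 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=file
type=AVC msg=audit(1374570060.102:202): avc:  denied  { write } for  pid=1201 comm="named" name="example.zone" dev=dm-0 ino=4001 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=file
type=AVC msg=audit(1374570120.103:203): avc:  denied  { name_bind } for  pid=1302 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1374570120.103:203): arch=c000003e syscall=49 success=no exit=-13 comm="sshd"
EOF
}

sample_avc | avc_triage
```

Each output row is one distinct denial to think through; the last column only names the label to inspect and makes no policy change itself.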
