On 14/02/13 7:23 PM, Robert Moskowitz wrote:
> I was getting permission errors (seen in /var/log/messages) in accessing
> these two directories within my chroot tree. I was pulling out what
> little hair I have, as the permissions were identical to those on my
> Centos 5.5 server. So I switched selinux into permissive mode and now I
> have /var/named/chroot/var/named/data/named.run and my ..../named/slave/
> stubs.
>
> What is the selinux magic to allow bind to write here?

Hi,

This may start a debate but it is my understanding that RH recommends to not use chroot jails with bind as selinux is more secure.

For some additional information see the following extract from the BIND 9 FAQ:

https://scs.senecac.on.ca/~raymond.chan/nad810/0701/SELinux-DNS.html

Right now I can't locate this on the new ISC website though.

There is also an selinux section in the named(8) manual page, for example:

http://linux.die.net/man/8/named

which states pretty much the same.

If you wish to stay with chroot then the key is probably to install the bind-chroot package and ensure that the ROOTDIR variable is set correctly in:

/etc/sysconfig/named

For what it's worth I'm running a number of master/slave DNS servers under selinux no problems. Any updates on the master propagate happily to the slaves. Mind you these are low traffic DNS servers that sit behind a firewall.

Cheers
-pete

--
Peter Brady
Email: pdbrady@xxxxxxxxxx
Skype: pbrady77
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos