Re: SELinux Question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/23/2013 07:15 AM, Ken Smith wrote:
> 
> James Hogarth wrote:
>> On 23 Jul 2013 07:42, "Ken Smith"<kens@xxxxxxxxxxx>  wrote:
>> 
>>>> 
>>> For some reason auditd wasn't running or enabled. I'm now seeing the 
>>> messages I needed in /var/log/messages. I'm running bind chrooted and 
>>> various other tweeks mean I need to set SELinux accordingly.
>>> 
>>> 
>> Bind chroot via the standard chroot package should just with with
>> selinux...
>> 
>> Be careful that you don't just follow the audit.log blindly (eg
>> audit2allow -aM) but think through each but carefully...
>> 
>> I'd suggest starting for each exception with "is this already covered by
>> a boolean" and then double checking your file contexts before even 
>> considering an additional custom module.
>> 
>> 
> For some reason SELinux was blocking the updates to the zone files that are
> the result of DHCP leases being issued. Fixed now. Also I run MailScanner
> and the SELinux context needed corrected on mqueue.in, in addition to
> allowing SSH to operate on the non-standard port I've set it to.
> 
> Thanks
> 
> Ken
> 
named_write_master_zones boolean?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlHug3sACgkQrlYvE4MpobMBCwCgjylf0DDKk3nl8gfBXwfrG8dA
9AQAoLX8zbv56mHJK5Xql8PCRkKDZlfn
=b2mZ
-----END PGP SIGNATURE-----
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux