I am hesitant to offer suggestions for RHELv5 selinux since I haven't
spent any time playing with it but would definitely recommend that you
join the selinux list...

https://www.redhat.com/mailman/listinfo/fedora-selinux-list

where you will get definitive and correct answers to selinux issues.

Craig

On Fri, 2007-08-17 at 09:16 -0400, Ray Leventhal wrote:
> As this remains an issue for me, I'm reposting. Please forgive the
> redundancy, but I've been unable to find the answer and am hoping for
> some guidance.
>
> Thanks in advance,
> ~Ray
>
> ==========Original Posts follow==========
> (full output is in the original thread)
>
> Ray Leventhal wrote:
> > > Hi all,
> > >
> > > On my newly up-and-running nameserver (CentOS 5), I noticed the
> > > following alerts in /var/log/messages after restarting BIND. (lines
> > > inserted to aid in reading).
> > > As I'm new to SELinux, I'm hoping for some pointers on 1) if this is an
> > > issue which simply *must* be addressed, or if it's something I should
> > > live with, and 2) how to eliminate the warning messages without
> > > sacrificing SELinux protections. The system does not have X installed,
> > > so 'setroubleshoot' isn't an option (unless there's a text equivalent).
> > >
> > > Thanks in advance for any opinions/suggestions/enlightenments :)
> > >
> > > ~Ray
> > >
> > > =============================================
> > > Aug 16 07:12:23 sunspot setroubleshoot: SELinux is preventing
> > > /usr/sbin/named (named_t) "getattr" access to /dev/random
> > > (tmpfs_t). For complete SELinux messages. run sealert -l
> > > 1ab129b8-9f9f-48ae-a67e-d52f63a5fb5a
> > > =============================================
> > > Aug 16 07:12:23 sunspot setroubleshoot: SELinux is preventing
> > > /usr/sbin/named (named_t) "read" access to random (tmpfs_t). For
> > > complete SELinux messages. run sealert -l
> > > b7014747-0d8d-443e-8b9a-af868976452d
> > > =============================================
> > >
> > > <big output snip>
>
> Update:
>
> A bit of searching found a thread which pointed here:
> http://www.webservertalk.com/message1323968.html
>
> This is a talk about Bind 9.x on RHEL4, but I think it applies to C5 as
> well as the issue is SELinux and chrooted BIND implementations.
>
> Problem is, I'm still not sure what should be done. I'd rather not
> disable SELinux protection by doing this:
>
> setsebool -P named_disable_trans=1
>
> ...but the instructions for alerting SELinux to the chrooted file
> locations are a bit short of my (inexperienced) needs.
>
> Any help would be greatly appreciated.
>
> @Moderator: if this is truly off-topic, my apologies. Please let me
> know and I will post to an SELinux list.
>
> TIA,
> ~Ray
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos

--
Craig White <craig@xxxxxxxxxxxxx>