Yes, exactly: to run named in different SELinux domains. I am glad it's doable. Do you mean use the canned policy for one named and create a new one for another named process? Can you point me to any read on the web that can help in doing this?

I guess it's more of a comfort level thing. I know BIND9 is quite secure and I haven't heard of any hacks. But if it happens then a hacker can have visibility to internal hosts information.

-----Original Message-----
From: Paul Howarth [mailto:paul@xxxxxxxxxxxx]
Sent: Friday, June 30, 2006 3:50 PM
To: Faisal Ali
Cc: fedora-selinux-list@xxxxxxxxxx
Subject: Re: Running two named processes in selinux

On Fri, 2006-06-30 at 12:48 -0400, Faisal Ali wrote:
> Is it possible to run two named processes in selinux each having
> different file permissions. Instead of using DNS Views I am thinking
> about running two named processes, one for external and one for
> internal. Of course external named process will have access to
> different set of files versus internal named process.
>
> Can this be done?

Are you thinking of this with a view to running the two named processes in different SELinux domains so that they cannot read/write each other's files? That's do-able, but will need a custom policy for one of the daemons.

Or, are you asking whether simply running two different named processes is possible with the default SELinux policy, with both running in the same domain? That would be simpler, but still not as simple as using views (why don't you want to use views, since internal/external is just the sort of application views were designed for?)?

Paul.