Chuck Anderson wrote:
> I've been having issues with BIND so I set up the named process to
> dump core and enabled allow_daemons_dump_core. However, it would not
> create any core file until I put SELinux into permissive mode. I also
> didn't get any audit messages related to the failed core dump. Why is
> that? The CWD of the process is /var/named which is where the core
> dump got written after I put SELinux in permissive mode.
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

allow_daemons_dump_core is only allowing daemons to create new files in /.
It would not allow named to create a file in /var/named.

So I guess we need to add a rule to allow named to write to named_zone_t
if this boolean is set, or make named use / as its cwd.
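One way to express the first option from the reply, as an added example that is not part of the original message or of the Fedora policy: a local policy module (hypothetical name `named_coredump`) that lets `named_t` create a file in `named_zone_t` directories only while `allow_daemons_dump_core` is on. The permission set shown is an assumption about what creating a core file in the CWD needs.

```selinux
# named_coredump.te -- hypothetical local module, not shipped policy.
# Build and load (standard module toolchain):
#   checkmodule -M -m -o named_coredump.mod named_coredump.te
#   semodule_package -o named_coredump.pp -m named_coredump.mod
#   semodule -i named_coredump.pp
module named_coredump 1.0;

require {
    type named_t;
    type named_zone_t;
    class dir { search write add_name };
    class file { create write getattr };
    bool allow_daemons_dump_core;
}

# Conditional block: the rules exist only while the boolean is on, so
# turning it off again removes named's extra write access to the zone
# directory.
if (allow_daemons_dump_core) {
    # Add a new directory entry in /var/named (labelled named_zone_t).
    allow named_t named_zone_t:dir { search write add_name };
    # Create the core file and write to it. The file inherits the
    # directory's type because no type_transition rule is defined here.
    # This set is an assumption; a given kernel may check more.
    allow named_t named_zone_t:file { create write getattr };
}
```

Because a core file created this way carries the same type as the zone files, the rule also lets named modify zone data while the boolean is on, so it fits a temporary debugging setting rather than a permanent one.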