I have dhcp + named set up to cooperate, but selinux (understandably)
denies named write access to the files it needs to modify for dynamic
dns updates. I have created the following policy. Is there a better
way of doing this? Best would be if there was a way to allow write
access *only* to those handful of files in /var/named/chroot/var/named
that are truly dynamic, perhaps by labeling. Would it be possible or
reasonable to add named_dynamic_zone_t or some equivalent? Is there a
better way to solve this problem or am I missing some already-available
mechanism?
Thanks
Eddie
module mybind 1.0;
require {
type named_t;
type named_zone_t;
class file write;
}
#============= named_t ==============
allow named_t named_zone_t:file write;
--
Edward Kuns <ekuns@xxxxxxxxxxxxxxxx>
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
