<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#ffffff">
On 09/29/2009 01:52 PM, Daniel J Walsh wrote:
<blockquote cite="mid:4AC1F506.1030800@redhat.com" type="cite">
  <pre wrap="">On 09/24/2009 04:43 AM, Paul Howarth wrote:
  </pre>
  <blockquote type="cite">
    <pre wrap="">Today's update of bind in F11 suggests adding this line to
/etc/rsyslog.conf to maintain logging with a chroot-ed bind:

$AddUnixListenSocket /var/named/chroot/dev/log

For this to work on F-11, I needed to add the following policy module:

::::::::::::::
mybindchroot.fc
::::::::::::::
/var/named/chroot/dev -d gen_context(system_u:object_r:device_t,s0)
/var/named/chroot/dev/log -s gen_context(system_u:object_r:devlog_t,s0)

::::::::::::::
mybindchroot.te
::::::::::::::
policy_module(mybindchroot, 0.0.4)

require {
    type syslogd_t;
}

# rsyslog needs to search the bind chroot when creating
# /dev/log in the chroot
bind_search_cache(syslogd_t)

I'd expect the same to apply in other releases too.

Paul.

-- 
fedora-selinux-list mailing list
<a class="moz-txt-link-abbreviated" href="mailto:fedora-selinux-list@redhat.com">fedora-selinux-list@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/fedora-selinux-list">https://www.redhat.com/mailman/listinfo/fedora-selinux-list</a>


    </pre>
  </blockquote>
  <pre wrap="">Added to Rawhide.

Miroslav, you should add to F11.

  </pre>
</blockquote>
<pre>Added to selinux-policy-3.6.12-85.fc11</pre>
<br>
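An added example, not part of the original thread or of the selinux-policy package: a label audit that parses the two mybindchroot.fc entries quoted above and reports paths whose observed label differs from what the policy expects. The function names, the first-match simplification and the SAMPLE data (including the made-up type placeholder_t) are assumptions of this example.

```python
import os
import re
import stat

# The two entries from mybindchroot.fc, copied from the message above.
FC_TEXT = """\
/var/named/chroot/dev -d gen_context(system_u:object_r:device_t,s0)
/var/named/chroot/dev/log -s gen_context(system_u:object_r:devlog_t,s0)
"""
# .fc file-type flags mapped to the st_mode test they stand for.
FLAG_TESTS = {"-d": stat.S_ISDIR, "-s": stat.S_ISSOCK, "--": stat.S_ISREG}

def parse_fc(text):
    """Return (anchored path regex, type flag or None, full context) tuples."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        m = re.fullmatch(r"gen_context\(([^,]+),([^)]+)\)", fields[-1])
        if m is None:
            raise ValueError(f"unsupported context spec: {line!r}")
        flag = fields[1] if len(fields) == 3 else None
        entries.append((re.compile(fields[0]), flag, f"{m.group(1)}:{m.group(2)}"))
    return entries

def expected_context(entries, path, mode):
    """Context the policy assigns to path, or None if no entry covers it.
    Simplification: first match wins; real matching ranks overlapping specs."""
    for regex, flag, context in entries:
        if regex.fullmatch(path) and (flag is None or FLAG_TESTS[flag](mode)):
            return context
    return None

def audit(entries, observed):
    """Return (path, actual, expected) for every covered path with a wrong label."""
    return [(p, ctx, want) for p, mode, ctx in observed
            if (want := expected_context(entries, p, mode)) and ctx != want]

def observe(path):
    """Read mode and SELinux label of a live path (Linux, SELinux xattrs)."""
    raw = os.getxattr(path, "security.selinux", follow_symlinks=False)
    return path, os.lstat(path).st_mode, raw.rstrip(b"\0").decode()

# Constructed sample: the directory label is right, the socket label is not.
SAMPLE = [
    ("/var/named/chroot/dev", stat.S_IFDIR | 0o755, "system_u:object_r:device_t:s0"),
    ("/var/named/chroot/dev/log", stat.S_IFSOCK | 0o666, "system_u:object_r:placeholder_t:s0"),
]

if __name__ == "__main__":
    for path, actual, expected in audit(parse_fc(FC_TEXT), SAMPLE):
        print(f"{path}: labelled {actual}, policy expects {expected}")
```

On a live host, build the observed list with observe() for each of the two paths instead of using SAMPLE; a reported mismatch is what restorecon would correct.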
</body>
</html>