another selinux question
Daniel J Walsh
dwalsh at redhat.com
Wed Feb 2 19:41:52 UTC 2005
dan wrote:
> Darren Grant wrote:
>
>> Change selinux to allow Dynamic DNS:
>>
>> Edit the following file and change the '0' to '1':
>>
>> /etc/selinux/targeted/booleans
>> named_write_master_zones=1
>>
>> By default it looks like selinux denies writing of DDNS. Also check
>> that named has write permissions to the directory where your zone
>> files are stored.
>>
>> -Darren
>>
>> Tim Fenn wrote:
>>
>>> On Wed, Feb 02, 2005 at 06:14:25PM +0530, Rahul Sundaram wrote:
>>>
>>>
>>>> On Tue, 1 Feb 2005 14:38:54 -0800, Tim Fenn <fenn at stanford.edu> wrote:
>>>>
>>>>
>>>>> I'm running both named and dhcpd, and dhcpd is set to do dynamic dns
>>>>> updates (both use /etc/rndc.key as the authentication key). All used
>>>>> to be good, but now dhcpd won't start, and errors in the kernel log
>>>>> show:
>>>>>
>>>>> audit(1107297176.619:0): avc: denied { search } for pid=8099
>>>>> exe=/usr/sbin/dhcpd name=named dev=sda1 ino=1295119
>>>>> scontext=root:system_r:dhcpd_t
>>>>> tcontext=system_u:object_r:named_zone_t
>>>>> tclass=dir
>>>>>
>>>>
>>>>
>>>> ask in the fedora-selinux list
>>>>
>>>>
>>>
>>>
>>>
>>> <sigh>... yet another mailing list...
>>>
>>> I filed a bug report, workarounds are suggested at:
>>>
>>> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=146844
>>>
>>> Regards,
>>> Tim
>>>
>>>
>>>
>>
>
> While we're on the subject of SELinux... anyone know of any good
> primers for those of us who may not be very familiar with SELinux yet?
> Perhaps some tutorials or articles explaining real-world scenarios of
> where SELinux is used, how it's used, and what the outcome is?
>
> Thanks
> -dant
>
THere is a book out on it, avaliable
http://www.amazon.com/exec/obidos/search-handle-form/102-3867490-1431367
You can attend the SELinux symposium.
The FAQ has some useful info.
http://fedora.redhat.com/docs/selinux-faq-fc3/
Dan
More information about the fedora-list
mailing list