Running two named processes in selinux

Faisal Ali faisal.ali at kwe.com
Fri Jun 30 20:15:36 UTC 2006


Yes, exactly, to run named in different SELinux domains. I am glad it's doable.
Do you mean use the canned policy for one named and create a new one for
another named process? Can you point me to any read on the web that can help
in doing this?

I guess it's more of a comfort level thing. I know BIND9 is quite secure and I
haven't heard of any hacks. But if it happens then a hacker can have
visibility to internal hosts information.

-----Original Message-----
From: Paul Howarth [mailto:paul at city-fan.org] 
Sent: Friday, June 30, 2006 3:50 PM
To: Faisal Ali
Cc: fedora-selinux-list at redhat.com
Subject: Re: Running two named processes in selinux

On Fri, 2006-06-30 at 12:48 -0400, Faisal Ali wrote:
> Is it possible to run two named processes in selinux, each having
> different file permissions? Instead of using DNS Views I am thinking
> about running two named processes, one for external and one for
> internal. Of course the external named process will have access to a
> different set of files versus the internal named process.
>
> Can this be done?

Are you thinking of this with a view to running the two named processes in
different SELinux domains so that they cannot read/write each other's
files? That's do-able, but will need a custom policy for one of the daemons.

Or, are you asking whether simply running two different named processes is
possible with the default SELinux policy, with both running in the same
domain? That would be simpler, but still not as simple as using views (why
don't you want to use views, since internal/external is just the sort of
application views were designed for?)?

Paul.



