Logging with bind-chroot

Miroslav Grepl mgrepl at redhat.com
Tue Sep 29 12:08:53 UTC 2009


On 09/29/2009 01:52 PM, Daniel J Walsh wrote:
> On 09/24/2009 04:43 AM, Paul Howarth wrote:
>    
>> Today's update of bind in F11 suggests adding this line to
>> /etc/rsyslog.conf to maintain logging with a chroot-ed bind:
>>
>> $AddUnixListenSocket /var/named/chroot/dev/log
>>
>> For this to work on F-11, I needed to add the following policy module:
>>
>> ::::::::::::::
>> mybindchroot.fc
>> ::::::::::::::
>> /var/named/chroot/dev -d gen_context(system_u:object_r:device_t,s0)
>> /var/named/chroot/dev/log -s gen_context(system_u:object_r:devlog_t,s0)
>>
>> ::::::::::::::
>> mybindchroot.te
>> ::::::::::::::
>> policy_module(mybindchroot, 0.0.4)
>>
>> require {
>>      type syslogd_t;
>> }
>>
>> # rsyslog needs to search the bind chroot when creating
>> # /dev/log in the chroot
>> bind_search_cache(syslogd_t)
>>
>> I'd expect the same to apply in other releases too.
>>
>> Paul.
>>
>> -- 
>> fedora-selinux-list mailing list
>> fedora-selinux-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>
>>
>>      
> Added to Rawhide,
>
> Miroslav, you should add to F11.
>
>    
Added to selinux-policy-3.6.12-85.fc11

>    
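
Added example, not part of the original thread or of the Fedora policy: a Python check that every socket named by $AddUnixListenSocket in rsyslog.conf has a file-context entry labelling it devlog_t, which is the gap the module above closes. The sample inputs are constructed, and the second socket path and all function names are assumptions made for illustration.

```python
import re

# Constructed sample inputs modelled on the thread; nothing is read from a live system.
RSYSLOG_CONF = """\
$ModLoad imuxsock
$AddUnixListenSocket /var/named/chroot/dev/log
$AddUnixListenSocket /srv/example-chroot/dev/log
"""
FILE_CONTEXTS = """\
/var/named/chroot/dev -d gen_context(system_u:object_r:device_t,s0)
/var/named/chroot/dev/log -s gen_context(system_u:object_r:devlog_t,s0)
"""

# .fc line: path regex, optional file-type flag (-d, -s, --, ...), then the context.
FC_LINE = re.compile(
    r"^(\S+)\s+(?:(-[a-z-])\s+)?gen_context\([^:]+:[^:]+:([^:,)]+)")

def listen_sockets(conf):
    """Return the paths named by $AddUnixListenSocket directives."""
    paths = []
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()  # drop trailing comments
        if len(parts) == 2 and parts[0] == "$AddUnixListenSocket":
            paths.append(parts[1])
    return paths

def parse_fc(text):
    """Parse .fc lines into (compiled_path_regex, flag_or_None, type) tuples."""
    entries = []
    for line in text.splitlines():
        m = FC_LINE.match(line.strip())
        if m:
            entries.append((re.compile(m.group(1)), m.group(2), m.group(3)))
    return entries

def unlabeled_sockets(conf, fc_text, want="devlog_t"):
    """Return listen sockets that no socket-capable entry labels as `want`.

    Simplification: any matching entry counts, whereas real file-context
    matching prefers the most specific entry.
    """
    entries = parse_fc(fc_text)
    return [path for path in listen_sockets(conf)
            if not any(rx.fullmatch(path) and flag in (None, "-s") and typ == want
                       for rx, flag, typ in entries)]

if __name__ == "__main__":
    for path in unlabeled_sockets(RSYSLOG_CONF, FILE_CONTEXTS):
        print("no devlog_t file context for", path)
```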
