Ask Your Question

I need a list of SELinux rules for bind-chroot

asked 2017-08-09 04:58:44 -0500

toddandmargo gravatar image

Hi All,

Would someone point me to a paper describing what SELinux rules I need to implement to use with bind-chroot?

Many thanks, -T

edit retag flag offensive close merge delete


Does it not work?

ssieb gravatar imagessieb ( 2017-08-11 15:17:34 -0500 )edit

It is working. I want to document what I did for the future, rather than waiting for alerts from SELinux

toddandmargo gravatar imagetoddandmargo ( 2017-08-11 16:42:18 -0500 )edit

This is some of the manure I am trying to get around too:

# semanage fcontext -a -t FILE_TYPE 'session.key'

where FILE_TYPE is one of the following: dnssec_trigger_var_run_t, ipa_var_lib_t, krb5_host_rcache_t, krb5_keytab_t, named_cache_t, named_log_t, named_tmp_t, named_var_run_t.

# semanage fcontext -a -t named_var_run_t 'session.key'
# restorecon -v 'session.key'

How am I suppose to know what "FILE_TYPE" I am using?

Mumble, mumble

toddandmargo gravatar imagetoddandmargo ( 2017-08-11 16:49:51 -0500 )edit

But I do. So where are the rules for bind?

toddandmargo gravatar imagetoddandmargo ( 2017-08-11 18:34:53 -0500 )edit

1 Answer

Sort by ยป oldest newest most voted

answered 2017-08-11 17:16:05 -0500

ssieb gravatar image

You shouldn't need to mess around with selinux. See for how to configure it.

edit flag offensive delete link more


SELinux cuts lose when you first start running bind-chroot. What is "suppose" to be and what "are" are two different things. Do you know the rules?

toddandmargo gravatar imagetoddandmargo ( 2017-08-11 19:13:15 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2017-08-09 04:58:44 -0500

Seen: 91 times

Last updated: Aug 11 '17