Ask Your Question
1

I need a list of SELinux rules for bind-chroot

asked 2017-08-09 04:58:44 -0500

toddandmargo gravatar image

Hi All,

Would someone point me to a paper describing what SELinux rules I need to implement to use with bind-chroot?

Many thanks, -T

edit retag flag offensive close merge delete

Comments

Does it not work?

ssieb gravatar imagessieb ( 2017-08-11 15:17:34 -0500 )edit

It is working. I want to document what I did for the future, rather than waiting for alerts from SELinux

toddandmargo gravatar imagetoddandmargo ( 2017-08-11 16:42:18 -0500 )edit

This is some of the manure I am trying to get around too:

# semanage fcontext -a -t FILE_TYPE 'session.key'

where FILE_TYPE is one of the following: dnssec_trigger_var_run_t, ipa_var_lib_t, krb5_host_rcache_t, krb5_keytab_t, named_cache_t, named_log_t, named_tmp_t, named_var_run_t.

# semanage fcontext -a -t named_var_run_t 'session.key'
# restorecon -v 'session.key'

How am I suppose to know what "FILE_TYPE" I am using?

Mumble, mumble

toddandmargo gravatar imagetoddandmargo ( 2017-08-11 16:49:51 -0500 )edit

But I do. So where are the rules for bind?

toddandmargo gravatar imagetoddandmargo ( 2017-08-11 18:34:53 -0500 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2017-08-11 17:16:05 -0500

ssieb gravatar image

You shouldn't need to mess around with selinux. See https://docs.fedoraproject.org/en-US/... for how to configure it.

edit flag offensive delete link more

Comments

SELinux cuts lose when you first start running bind-chroot. What is "suppose" to be and what "are" are two different things. Do you know the rules?

toddandmargo gravatar imagetoddandmargo ( 2017-08-11 19:13:15 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2017-08-09 04:58:44 -0500

Seen: 91 times

Last updated: Aug 11 '17