Problem with selinux
Lars Hecking
lhecking at users.sourceforge.net
Fri Jul 11 08:57:47 UTC 2008
While we're on the issue of random ports, has anyone thought of how to
configure selinux for the new port-randomising bind versions?
Previous bind versions were easy to administer in this regard, without
in-depth knowledge of selinux: run audit2allow on /var/log/messages,
create and deploy named policy. Maybe repeat once or twice until all
operations performed by named have been caught.
This can no longer be done. Either one needs to know how to create
selinux policies manually, or turn it off altogether. That's less
security, not more.
I would be particularly interested in comments from RedHat people :)