First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 92312
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: petre rodan (RETIRED) <kaiowas@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Daniel Thaler <daniel@dthaler.de>
Add CC:
CC:
URL:
Summary:
Status Whiteboard:
Keywords:

Filename Description Type Creator Created Size Actions
named.fc modified named.fc text/plain Daniel Thaler 2005-05-11 15:58 0000 2.79 KB Details
named.te modified named.te text/plain Daniel Thaler 2005-05-11 15:59 0000 4.59 KB Details
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 92312 depends on: Show dependency tree
Show dependency graph
Bug 92312 blocks:
Votes: 0    Show votes for this bug    Vote for this bug

Additional Comments: (this is where you put emerge --info)







View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2005-05-11 15:57 0000 
The selinux policy for bind does not define any labels for the chroot dir and
bind also wants cap_dac_read_search when chrooting.

I'm attaching my modified named.fc and named.te files
Note that I've hardcoded my chroot dir (/var/chroot/dns) in named.fc

------- Comment #1 From Daniel Thaler 2005-05-11 15:58:37 0000 ------- 
Created an attachment (id=58703) [edit]
modified named.fc

------- Comment #2 From Daniel Thaler 2005-05-11 15:59:04 0000 ------- 
Created an attachment (id=58704) [edit]
modified named.te

------- Comment #3 From petre rodan (RETIRED) 2005-05-26 03:13:24 0000 ------- 
ok, I haven't found any pointers in fhs for proper chroot tree placement, so
/var/chroot/dns is as good as any other location ;)

fix will be available shortly in selinux-bind-20050526

thanks for the bug report
First Last Prev Next    No search results available      Search page      Enter new bug