| Bug#: 92312 | Product: Gentoo Linux | Version: unspecified | Platform: All |
| OS/Version: All | Status: RESOLVED | Severity: normal | Priority: P2 |
| Resolution: FIXED | Assigned To: kaiowas@gentoo.org | Reported By: daniel@dthaler.de |
| Component: Hardened |
| URL: |
| Summary: Bind does not run chrooted on selinux (+fix) |
| Keywords: |
| Status Whiteboard: |
| Opened: 2005-05-11 15:57 0000 |
| Description: |
The selinux policy for bind does not define any labels for the chroot dir, and bind also wants cap_dac_read_search when chrooting. I'm attaching my modified named.fc and named.te files. Note that I've hardcoded my chroot dir (/var/chroot/dns) in named.fc.
Created an attachment (id=58703): modified named.fc
Created an attachment (id=58704): modified named.te
OK, I haven't found any pointers in FHS for proper chroot tree placement, so /var/chroot/dns is as good as any other location ;) The fix will be available shortly in selinux-bind-20050526. Thanks for the bug report.