The SELinux policy for bind does not define any labels for the chroot dir, and bind also wants cap_dac_read_search when chrooting. I'm attaching my modified named.fc and named.te files. Note that I've hardcoded my chroot dir (/var/chroot/dns) in named.fc.
Created attachment 58703: modified named.fc
Created attachment 58704: modified named.te
OK, I haven't found any pointers in FHS for proper chroot tree placement, so /var/chroot/dns is as good as any other location ;) A fix will be available shortly in selinux-bind-20050526. Thanks for the bug report.