Problem with selinux
Adam Tkac
atkac at redhat.com
Mon Jul 14 07:55:03 UTC 2008
On Fri, Jul 11, 2008 at 09:57:47AM +0100, Lars Hecking wrote:
>
> While we're on the issue of random ports, has anyone thought of how to
> configure selinux for the new port-randomising bind versions?
>
As far as I know, a new SELinux policy was released with the updated bind
packages. Make sure you updated bind* and selinux-policy* packages
together.
> Previous bind versions were easy to administer in this regard, without
> in-depth knowledge of selinux: run audit2allow on /var/log/messages,
> create and deploy named policy. Maybe repeat once or twice until all
> operations performed by named have been caught.
>
> This can no longer be done. Either one needs to know how to create
> selinux policies manually, or turn it off altogether. That's less
> security, not more.
>
> I would be particularly interested in comments from RedHat people :)
>
Adam
--
Adam Tkac, Red Hat, Inc.