Today's update of bind in F11 suggests adding this line to /etc/rsyslog.conf to maintain logging with a chroot-ed bind:

$AddUnixListenSocket /var/named/chroot/dev/log

For this to work on F-11, I needed to add the following policy module:

::::::::::::::
mybindchroot.fc
::::::::::::::
/var/named/chroot/dev -d gen_context(system_u:object_r:device_t,s0)
/var/named/chroot/dev/log -s gen_context(system_u:object_r:devlog_t,s0)

::::::::::::::
mybindchroot.te
::::::::::::::
policy_module(mybindchroot, 0.0.4)

require {
        type syslogd_t;
}

# rsyslog needs to search the bind chroot when creating
# /dev/log in the chroot
bind_search_cache(syslogd_t)

I'd expect the same to apply in other releases too.

Paul.
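
Added example (not part of the original post and not Fedora policy code): a small Python check that parses the two mybindchroot.fc entries from the post above and compares them with the labels found on disk, so a wrong label on the chroot's dev directory or log socket shows up after installing the module. The function names, the last-match-wins ordering and the sample labels are assumptions made for illustration.

```python
import os
import re
import stat

# The two mybindchroot.fc entries from the post above.
FC_TEXT = """\
/var/named/chroot/dev -d gen_context(system_u:object_r:device_t,s0)
/var/named/chroot/dev/log -s gen_context(system_u:object_r:devlog_t,s0)
"""
# .fc file-type specifier -> first character of an `ls -l` mode string
FTYPES = {"--": "-", "-d": "d", "-s": "s", "-l": "l", "-c": "c", "-b": "b", "-p": "p"}
FC_LINE = re.compile(r"(\S+)\s+(?:(-[-dslcbp])\s+)?gen_context\(([^,()]+),([^()]+)\)")

def parse_fc(text):
    """Return [(path_regex, kind_or_None, context)]; gen_context(c,l) becomes "c:l" (MLS/MCS)."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = FC_LINE.fullmatch(line)
        if m is None:
            raise ValueError(f"unparsed .fc line: {raw!r}")
        path_re, spec, ctx, level = m.groups()
        entries.append((re.compile(path_re), FTYPES.get(spec), f"{ctx}:{level}"))
    return entries

def expected_context(entries, path, kind):
    """Context for path; last matching entry wins (assumed, simplified ordering)."""
    hits = [c for rx, want, c in entries if rx.fullmatch(path) and want in (None, kind)]
    return hits[-1] if hits else None

def observe(path):
    """Read (path, kind, context) from a live Linux system with SELinux labels."""
    kind = stat.filemode(os.lstat(path).st_mode)[0]
    raw = os.getxattr(path, "security.selinux", follow_symlinks=False)
    return path, kind, raw.rstrip(b"\0").decode()

def audit(entries, observed):
    """Return [(path, expected, actual)] for labels that differ from the spec."""
    return [(p, want, got) for p, kind, got in observed
            if (want := expected_context(entries, p, kind)) not in (None, got)]

# Constructed sample (not real output): the socket label is right, the directory's is not.
SAMPLE = [("/var/named/chroot/dev", "d", "system_u:object_r:named_conf_t:s0"),
          ("/var/named/chroot/dev/log", "s", "system_u:object_r:devlog_t:s0")]

if __name__ == "__main__":
    for path, want, got in audit(parse_fc(FC_TEXT), SAMPLE):
        print(f"{path}: expected {want}, found {got}")
```

On a live system, replace SAMPLE with `[observe(p) for p in ("/var/named/chroot/dev", "/var/named/chroot/dev/log")]`; an empty result means both labels match the .fc entries.
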
On 09/24/2009 04:43 AM, Paul Howarth wrote:
> Today's update of bind in F11 suggests adding this line to /etc/rsyslog.conf to maintain logging with a chroot-ed bind:
>
> $AddUnixListenSocket /var/named/chroot/dev/log
>
> For this to work on F-11, I needed to add the following policy module:
>
> ::::::::::::::
> mybindchroot.fc
> ::::::::::::::
> /var/named/chroot/dev -d gen_context(system_u:object_r:device_t,s0)
> /var/named/chroot/dev/log -s gen_context(system_u:object_r:devlog_t,s0)
>
> ::::::::::::::
> mybindchroot.te
> ::::::::::::::
> policy_module(mybindchroot, 0.0.4)
>
> require {
>         type syslogd_t;
> }
>
> # rsyslog needs to search the bind chroot when creating
> # /dev/log in the chroot
> bind_search_cache(syslogd_t)
>
> I'd expect the same to apply in other releases too.
>
> Paul.
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Added to Rawhide,
Miroslav, you should add to F11.
On 09/29/2009 01:52 PM, Daniel J Walsh wrote:
> Added to Rawhide,
> Miroslav, you should add to F11.

Added to selinux-policy-3.6.12-85.fc11
selinux@lists.fedoraproject.org