selinux interfering with dynamic dns
- From: Edward Kuns <ekuns kilroy chi il us>
- To: fedora-selinux-list redhat com
- Subject: selinux interfering with dynamic dns
- Date: Sat, 01 Mar 2008 16:58:29 -0600
I have dhcp + named set up to cooperate, but selinux (understandably)
denies named write access to the files it needs to modify for dynamic
dns updates. I have created the following policy. Is there a better
way of doing this? Best would be if there was a way to allow write
access *only* to those handful of files in /var/named/chroot/var/named
that are truly dynamic, perhaps by labeling. Would it be possible or
reasonable to add named_dynamic_zone_t or some equivalent? Is there a
better way to solve this problem or am I missing some already-available
mechanism?
Thanks
Eddie

module mybind 1.0;

require {
        type named_t;
        type named_zone_t;
        class file write;
}

#============= named_t ==============
allow named_t named_zone_t:file write;

--
Edward Kuns <ekuns kilroy chi il us>
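
The module above lets named_t write to every file labelled named_zone_t. As an added example (not part of the original post), the following Python lists which files actually drew AVC denials for that source and target type, which are the candidates for a narrower label. The audit log lines are constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample audit.log lines (not taken from the original post).
SAMPLE_LOG = """\
type=AVC msg=audit(1204412309.101:41): avc:  denied  { write } for  pid=2101 comm="named" name="home.lan.db.jnl" dev=dm-0 ino=98311 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=file
type=AVC msg=audit(1204412311.440:42): avc:  denied  { write } for  pid=2101 comm="named" name="home.lan.db" dev=dm-0 ino=98305 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=file
type=AVC msg=audit(1204412400.007:43): avc:  denied  { write } for  pid=2101 comm="named" name="home.lan.db.jnl" dev=dm-0 ino=98311 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=file
type=AVC msg=audit(1204412402.250:44): avc:  denied  { write } for  pid=2101 comm="named" name="named.conf" dev=dm-0 ino=4411 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_conf_t:s0 tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def type_of(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else ""

def parse_avc(line):
    """Parse one AVC denial into a dict of its fields, or None if not an AVC."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    fields["perms"] = set(m.group(1).split())
    return fields

def denied_targets(log, source="named_t", target="named_zone_t", tclass="file"):
    """Map each denied object name to the permissions denied for source -> target."""
    hits = defaultdict(set)
    for line in log.splitlines():
        rec = parse_avc(line)
        if rec is None or rec.get("tclass") != tclass:
            continue
        if type_of(rec.get("scontext", "")) != source:
            continue
        if type_of(rec.get("tcontext", "")) != target:
            continue
        # AVC records carry either path= (full path) or name= (last component).
        hits[rec.get("path") or rec.get("name", "?")] |= rec["perms"]
    return dict(hits)

if __name__ == "__main__":
    for name, perms in sorted(denied_targets(SAMPLE_LOG).items()):
        print(f"{name}: {' '.join(sorted(perms))}")
```
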