Hi Guys, My google foo is failing me this afternoon. Just configuring a new C6 install. I know there are SELinux alerts happening, eg: I know I need to enable named to write to the local .jnl file as part of dynamic DNS, but sealert -b is not listing any alerts. I can see raw audit messages. Is there some daemon I have forgotten to start or install? Thanks Ken -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Hello Ken Try this " <search term > site:danwalsh.livejournal.com" in your searches. Also this is a good book http://www.amazon.com/SELinux-Example-Using-Security-Enhanced/dp/0131963694/ref=sr_1_2?ie=UTF8&qid=1374504654&sr=8-2&keywords=selinux This is the best I can do as I don't understand. What message? Could you post it? If its bind, did you check iptables? All the best Paul On 22 July 2013 15:41, Ken Smith <kens at kensnet.org> wrote:> Hi Guys, My google foo is failing me this afternoon. Just configuring a > new C6 install. I know there are SELinux alerts happening, eg: I know I > need to enable named to write to the local .jnl file as part of dynamic > DNS, but sealert -b is not listing any alerts. I can see raw audit > messages. Is there some daemon I have forgotten to start or install? > > Thanks > > Ken > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >-- * "I know one thing: That I know nothing"* - Socrates *"We're all explorers here"* - T S Eliot
On 07/22/2013 07:41 AM, Ken Smith wrote:> Hi Guys, My google foo is failing me this afternoon. Just configuring a > new C6 install. I know there are SELinux alerts happening, eg: I know I > need to enable named to write to the local .jnl file as part of dynamic > DNS, but sealert -b is not listing any alerts. I can see raw audit > messages. Is there some daemon I have forgotten to start or install?If you don't see AVCs logged and suspect that SELinux is causing you problems anyway, enable all logging: semodule -BD http://fedoraproject.org/wiki/SELinux/Troubleshooting If you don't see AVCs in the log, then SELinux isn't denying access. Normally if files are created in /var/named/dynamic, then the SELinux context will already be set correctly.