allow_daemons_dump_core doesn't work?
-----BEGIN PGP SIGNED MESSAGE-----
Chuck Anderson wrote:
> I've been having issues with BIND so I set up the named process to
> dump core and enabled allow_daemons_dump_core. However, it would not
> create any core file until I put SELinux into permissive mode. I also
> didn't get any audit messages related to the failed core dump. Why is
> that? The CWD of the process is /var/named which is where the core
> dump got written after I put SELinux in permissive mode.
> fedora-selinux-list mailing list
allow_daemons_dump_core, is only allowing daemons to create new files in /
It would not allow named to create a file in /var/named.
So I guess we need to add a rule to allow named to write to named_zone_t
if this boolean is set, or make named use / as its cwd.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
fedora-selinux-list mailing list