On 09/24/2009 04:43 AM, Paul Howarth wrote:
> Today's update of bind in F11 suggests adding this line to
> /etc/rsyslog.conf to maintain logging with a chroot-ed bind:
>
> $AddUnixListenSocket /var/named/chroot/dev/log
>
> For this to work on F-11, I needed to add the following policy module:
>
> ::::::::::::::
> mybindchroot.fc
> ::::::::::::::
> /var/named/chroot/dev -d gen_context(system_u:object_r:device_t,s0)
> /var/named/chroot/dev/log -s gen_context(system_u:object_r:devlog_t,s0)
>
> ::::::::::::::
> mybindchroot.te
> ::::::::::::::
> policy_module(mybindchroot, 0.0.4)
>
> require {
> type syslogd_t;
> }
>
> # rsyslog needs to search the bind chroot when creating
> # /dev/log in the chroot
> bind_search_cache(syslogd_t)
>
> I'd expect the same to apply in other releases too.
>
> Paul.
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list(a)redhat.com
>
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
>
>
Added to Rawhide,
Miroslav, you should add to F11.
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list