--- Daniel J Walsh <dwalsh(a)redhat.com> wrote:
Well you can either add custom policy using audit2allow, or you could
have syslog write to /var/log/named.log and then mount -o bind into
/var/named/chroot like they do with the other stuff.
If I understand correctly what you are trying to do.

Well in the past, what I did was create a chroot for bind using the
bind-chroot rpm. Since bind was not able to write to
/var/log/named/named.log outside of the chroot, I would create a socket
"/dev/log" inside of the chroot by modifying /etc/sysconfig/syslog with
the line
OPTIONS_SYSLOGD="-m 0 -a /var/named/chroot/named/dev/log".
That would create the socket and bind would write to
/var/log/named/named.log. For some reason, now the SELinux policy for
named will not allow this to happen. What I am trying to find out is was
this changed by design? If so, why? I am not trying to be a nuisance,
rather I am trying to learn. Thanks.