Yes, exactly, to run named in different SELinux domains. I am glad it's doable.
Do you mean use the canned policy for one named and create a new one for
another named process? Can you point me to any read on the web that can help
in doing this?

I guess it's more of a comfort level thing. I know BIND9 is quite secure and I
haven't heard of any hacks. But if it happens then a hacker can have
visibility to internal hosts' information.
From: Paul Howarth [mailto:email@example.com]
Sent: Friday, June 30, 2006 3:50 PM
To: Faisal Ali
Subject: Re: Running two named processes in selinux
On Fri, 2006-06-30 at 12:48 -0400, Faisal Ali wrote:
> Is it possible to run two named processes in SELinux, each having
> different file permissions? Instead of using DNS views I am thinking
> about running two named processes, one for external and one for
> internal. Of course the external named process will have access to a
> different set of files versus the internal named process.
> Can this be done?
Are you thinking of this with a view to running the two named processes in
different SELinux domains so that they cannot read/write each other's
files? That's do-able, but will need a custom policy for one of the daemons.
Or, are you asking whether simply running two different named processes is
possible with the default SELinux policy, with both running in the same
domain? That would be simpler, but still not as simple as using views (why
don't you want to use views, since internal/external is just the sort of
application views were designed for?)?