AW: AW: AW: AW: named 9.3.3 start-script

Hi Kostas,

woo, this seems to become really difficult. I've never seen one of this 
commands before... :D

Is it very unsecure to disable SElinux completely (if this is possible)?
Until now it is set to permissive

[root@host1 ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          permissive
Policy version:                 21
Policy from config file:        targeted

Would it make a difference if I simply put a symlink from /var/named to 
/configs/named?

I'll now read some manpages to learn what this commands are for.

PS: other programs (xinetd, vsftpd) had no problem with their configuration on 
the replicated disk, why has BIND such a problem with that. *grml


> -----Ursprüngliche Nachricht-----
> Von: rhelv5-list-bounces-H+wXaHxf7aLQT0dZR+AlfA@xxxxxxxxxxxxxxxx 
> [mailto:rhelv5-list-bounces@xxxxxxxxxx] Im
> Auftrag von Kostas Georgiou
> Gesendet: Dienstag, 8. Juli 2008 14:48
> An: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list
> Betreff: Re: AW: AW: AW: [rhelv5-list] named 9.3.3 start-script
> 
> On Tue, Jul 08, 2008 at 01:07:54PM +0200, Schmidt, Florian wrote:
> 
> > Yeah, it is starting, after setting SElinux state to permissive and 
> > removing the line
> I added to /etc/sysconfig/named.
> > Problem is: It will not stop -.-
> > In /var/log/audit/.. are a lot of named-related entries. Would it be 
> > helpful to post
> some of them?
> 
> If you want to use named in a different directory than /var/named with
> selinux enabled you need to have the right selinux labels in the new 
> directory.
> You can compare the security labels with ls -Z /var/named /configs/named
> 
> Something like:
>   semanage fcontext -l | grep /var/named
> to see which labels you need and then running for all of them
>   chcon -t system_u:object_r:named_zone_t:s0 /configs/named/*
>   ...
> or for a more permanent setup
>   semanage fcontext -a -t system_u:object_r:named_zone_t:s0
> '/configs/named(/.*)?'
>   ...
>   restorecon -R /configs/named
> will give you the correct selinux setup.
> You might need to label /configs as system_u:object_r:var_t also I
> think.
> 
> Kostas
 
> _______________________________________________
> rhelv5-list mailing list
> rhelv5-list-H+wXaHxf7aLQT0dZR+AlfA@xxxxxxxxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/rhelv5-list