Chuck Anderson wrote:
I've been having issues with BIND so I set up the named process to dump core and enabled allow_daemons_dump_core. However, it would not create any core file until I put SELinux into permissive mode. I also didn't get any audit messages related to the failed core dump. Why is that? The CWD of the process is /var/named which is where the core dump got written after I put SELinux in permissive mode.
allow_daemons_dump_core is only allowing daemons to create new files in /.
It would not allow named to create a file in /var/named.
So I guess we need to add a rule to allow named to write to named_zone_t if this boolean is set, or make named use / as its cwd.
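
The rule suggested in the reply above, sketched as a local policy module. This is an added example, not part of the original thread and not Fedora's shipped policy; the module name `named_coredump` is hypothetical, and it assumes the reference-policy macros `tunable_policy`, `create_files_pattern` and `write_files_pattern` are available from the policy development Makefile.

```te
policy_module(named_coredump, 1.0.0)

# Types and boolean named in the thread; they are defined by the base policy.
gen_require(`
	type named_t, named_zone_t;
	bool allow_daemons_dump_core;
')

# Conditional on the boolean: with it off, named keeps its normal
# access to its working directory (/var/named, labelled named_zone_t).
tunable_policy(`allow_daemons_dump_core',`
	# add a new file entry to the directory and create the file
	create_files_pattern(named_t, named_zone_t, named_zone_t)
	# write the core image into that file
	write_files_pattern(named_t, named_zone_t, named_zone_t)
')
```

Because the rule also lets named write to any file labelled named_zone_t while the boolean is on, the boolean is best left off outside a debugging session.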