Re: [CentOS] Centos7 and old Bind bug

2017-02-12 Thread Gordon Messmer
On 02/12/2017 10:50 AM, Robert Moskowitz wrote: What do I install for this? You don't have to install anything. You'd just temporarily disable "dontaudit" rules by running "semodule -BD". Give named time to log additional "permission denied" errors, and then look for related AVC

Re: [CentOS] Centos7 and old Bind bug

2017-02-12 Thread Gordon Messmer
On 02/12/2017 10:56 AM, Robert Moskowitz wrote: It's probably safe to specify some range of higher numbered ports: use-v4-udp-ports { range 10240 65535; }; use-v6-udp-ports { range 10240 65535; }; But that is not the ports that I am seeing in logwatch: Yes, I know. The work-around in

Re: [CentOS] Centos7 and old Bind bug

2017-02-12 Thread Robert Moskowitz
On 02/12/2017 01:40 PM, Gordon Messmer wrote: On 02/11/2017 08:56 PM, Robert Moskowitz wrote: This seems to be bug 1103439 which was 'fixed' for Centos6. What should I do about this? Is there a SELinux policy to apply, or should I avoid the udp-ports option in Bind? It looks like that

Re: [CentOS] Centos7 and old Bind bug

2017-02-12 Thread Robert Moskowitz
On 02/12/2017 01:43 PM, Gordon Messmer wrote: On 02/12/2017 10:40 AM, Gordon Messmer wrote: I'm not seeing those errors logged, either, so maybe your system differs from mine. If I'm misreading, hopefully someone will chime in to clarify. ... Also, it might be useful to get the AVCs on

Re: [CentOS] Centos7 and old Bind bug

2017-02-12 Thread Gordon Messmer
On 02/12/2017 10:40 AM, Gordon Messmer wrote: I'm not seeing those errors logged, either, so maybe your system differs from mine. If I'm misreading, hopefully someone will chime in to clarify. ... Also, it might be useful to get the AVCs on your system. The bug entry indicated that you'd

Re: [CentOS] Centos7 and old Bind bug

2017-02-12 Thread Gordon Messmer
On 02/11/2017 08:56 PM, Robert Moskowitz wrote: This seems to be bug 1103439 which was 'fixed' for Centos6. What should I do about this? Is there a SELinux policy to apply, or should I avoid the udp-ports option in Bind? It looks like that bug was assigned to the selinux-policy component,

[CentOS] Centos7 and old Bind bug

2017-02-11 Thread Robert Moskowitz
This is my new Centos7 DNS server. In logwatch I am seeing:

**Unmatched Entries**
dispatch 0xb4378008: open_socket(0.0.0.0#5546) -> permission denied: continuing: 1 Time(s)
dispatch 0xb4463008: open_socket(::#1935) -> permission denied: continuing: 1 Time(s)
dispatch 0xb4464440: