On Fri, Sep 19, 2008 at 06:08:10AM -0700, aklist wrote:
> On Thu, 18 Sep 2008 10:36:02 -0700 Chris Buxton <[EMAIL PROTECTED]> wrote
>
> > Here's the quick fix for a chroot'd path:
> >
> > What you see as /var/named/chroot/, named will see as /. Therefore, if
> > you want the path to be /var/named/chroot/var/log, you would put
> > /var/log into the logging statement.
> >
> > You cannot put a symlink into the chroot jail that leads outside of
> > the jail. You should not create any hardlinks in the jail that share
> > nodes with outside files or directories, because that provides an
> > attacker with an avenue for escape from the jail. What you can do is
> > to put a symlink called 'named' into /var/log that points to
> > /var/named/chroot/var/log. Then if named is logging to /var/log (inside
> > the jail), you can access its logs at the path /var/log/named.
>
> Thanks for that, Chris.
> >
> > And you should turn SELinux off if you don't have experience
> > maintaining it.
>
> I wasn't aware that it was "on"...is this some feature of Fedora that's
> enabled by default?
>
That "feature" was enabled a long time ago. You can read the BIND FAQ
(http://www.isc.org/index.pl?/sw/bind/FAQ.php), question "Q: I'm running
BIND on Red Hat Enterprise Linux or Fedora Core". It should explain to you
how to configure BIND & SELinux.

Adam

--
Adam Tkac, Red Hat, Inc.
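
The chroot advice quoted in this thread, as an added example that is not part of the original messages or of BIND: a path translation helper, an audit for hard links shared between the jail and the host, and the host-side log symlink. The function names and the script name are hypothetical, and the jail and search paths are supplied as arguments.

```shell
#!/bin/sh
# Added example: checks for the chroot advice in this thread.
# All paths are arguments; function names are hypothetical, not BIND's.

# Host-side location of a path as the jailed daemon sees it.
# host_path /var/named/chroot /var/log -> /var/named/chroot/var/log
host_path() {
    printf '%s/%s\n' "${1%/}" "${2#/}"
}

# Print each regular file in the jail ($1) that shares an inode with a
# name outside the jail, searching under $2 on the same filesystem.
# Assumes find supports -samefile (GNU/BSD find) and that file names
# contain no newlines.
shared_hardlinks() {
    jail=${1%/}
    find "$jail" -xdev -type f -links +1 | while IFS= read -r f; do
        outside=$(find "$2" -xdev -samefile "$f" ! -path "$jail/*")
        if [ -n "$outside" ]; then
            printf '%s\n' "$f"
        fi
    done
    return 0
}

# Host-side convenience link: $3 -> host path of jail directory $2.
# The link lives outside the jail and points into it, never the reverse.
link_jail_logs() {
    ln -s "$(host_path "$1" "$2")" "$3"
}

# Usage: sh jailcheck.sh JAIL SEARCH_ROOT
if [ $# -eq 2 ]; then
    shared_hardlinks "$1" "$2"
fi
```

Any path the audit prints is a file in the jail whose contents are also reachable under a name outside it; replacing the hard link with a copy removes the shared inode.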