SELinux policy changes to make NSD4 work

Description of problem:
NSD4 (http://koji.fedoraproject.org/koji/buildinfo?buildID=706713) requires some changes to selinux-policy. (I know the build is for EL7, but one for Fedora is coming too)

To make NSD4 work properly, I've executed the following commands:

    chcon -t nsd_exec_t /sbin/nsd-checkconf
    chcon -t nsd_exec_t /sbin/nsd-checkzone
    chcon -t nsd_exec_t /sbin/nsd-control
    chcon -t nsd_exec_t /sbin/nsd-control-setup

and created (thanks to audit2policy) the following policy:

    module mypol 1.0;

    require {
        type tmp_t;
        type nsd_t;
        class capability net_admin;
        class dir { write create add_name };
        class file { write create open };
    }

    #============= nsd_t ==============
    allow nsd_t self:capability net_admin;
    allow nsd_t tmp_t:dir { write create add_name };
    allow nsd_t tmp_t:file { write create open };

With those changes, it works.
commit bd58eb43c6db1a4a1e5f746b751d082bda92fd85
Author: Lukas Vrabec <lvrabec>
Date:   Thu Jan 7 13:07:19 2016 +0100

    Label some new nsd binaries as nsd_exec_t
    Allow nsd domain net_admin cap.
    Create label nsd_tmp_t for nsd tmp files/dirs
    BZ (1293146)
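For contrast with the local module in the report, which lets nsd_t write to the shared tmp_t type, here is an added sketch (not the content of the commit above and not the Fedora policy source) of a refpolicy-style module that gives the daemon a private temporary type. The module name nsd_local_tmp is hypothetical, nsd_tmp_t is the type name from the commit message, and the module assumes a base policy that does not already declare that type.

```selinux
# Added example: hypothetical local module, refpolicy macro syntax (.te file).
policy_module(nsd_local_tmp, 1.0)

gen_require(`
    type nsd_t;
')

# Private type for NSD's temporary files and directories.
# Assumption: the installed policy does not yet define nsd_tmp_t;
# loading this on top of a policy that does will fail with a
# duplicate declaration.
type nsd_tmp_t;
files_tmp_file(nsd_tmp_t)

# nsd_t manages only objects carrying its own temporary label,
# instead of being allowed to write to every tmp_t file and directory.
manage_dirs_pattern(nsd_t, nsd_tmp_t, nsd_tmp_t)
manage_files_pattern(nsd_t, nsd_tmp_t, nsd_tmp_t)

# Type transition: files and directories nsd_t creates inside a
# tmp_t directory are labelled nsd_tmp_t automatically.
files_tmp_filetrans(nsd_t, nsd_tmp_t, { dir file })

# Same capability the report's module grants.
allow nsd_t self:capability net_admin;
```

A module like this is built with the selinux-policy-devel Makefile (`make -f /usr/share/selinux/devel/Makefile nsd_local_tmp.pp`) and loaded with `semodule -i nsd_local_tmp.pp`.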
selinux-policy-3.13.1-158.2.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-7cb7ac5cb9
selinux-policy-3.13.1-158.2.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-7cb7ac5cb9
selinux-policy-3.13.1-158.2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.