PowerDNS / pdns

PowerDNS Authoritative, PowerDNS Recursor, dnsdist
https://www.powerdns.com/
GNU General Public License v2.0

selinux confinement missing #8228

Open sigbjorntux opened 5 years ago

sigbjorntux commented 5 years ago

In the latest 4.2.0 version of the pdns recursor, the pdns_recursor process is currently unconfined by selinux. Please make sure the pdns processes have a selinux policy installed to properly confine the pdns processes.

system_u:system_r:unconfined_service_t:s0 pdns-re+ 22638 1 0 11:23 ? 00:00:00 /usr/sbin/pdns_recursor --daemon=no --write-pid=no --disable-syslog --log-timestamp=no

Expected behaviour

The pdns process is confined by selinux.

Actual behaviour

The pdns process is not confined by selinux.
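
An added example, not part of the issue thread or of the PowerDNS project: a shell check that reads `ps -efZ` output like the line quoted in the report above and lists matching daemons whose SELinux type is an unconfined one. The function name `find_unconfined`, the list of types treated as unconfined, and every sample line except the pdns_recursor one are assumptions made for illustration.

```bash
#!/bin/sh
# Flag DNS daemons that run in an unconfined SELinux domain.
# Input: lines in `ps -efZ` layout (LABEL UID PID PPID C STIME TTY TIME CMD).

# Assumption: types that mean "no dedicated policy module confines this process".
UNCONFINED_TYPES='unconfined_service_t unconfined_t'

# find_unconfined CMD_REGEX
#   Reads ps -efZ lines on stdin and prints "type pid command" for every
#   process whose command matches CMD_REGEX and whose type is unconfined.
find_unconfined() {
  awk -v pat="$1" -v types="$UNCONFINED_TYPES" '
    BEGIN { n = split(types, t, " "); for (i = 1; i <= n; i++) bad[t[i]] = 1 }
    {
      # The label is user:role:type:level; the level may itself contain
      # colons (s0-s0:c0.c1023), so only the third field is taken as the type.
      split($1, ctx, ":")
      if ((ctx[3] in bad) && ($9 ~ pat)) print ctx[3], $3, $9
    }'
}

# Constructed sample: the second line is the one from the report,
# the others are invented for contrast.
SAMPLE_PS='LABEL UID PID PPID C STIME TTY TIME CMD
system_u:system_r:unconfined_service_t:s0 pdns-re+ 22638 1 0 11:23 ? 00:00:00 /usr/sbin/pdns_recursor --daemon=no --write-pid=no --disable-syslog --log-timestamp=no
system_u:system_r:named_t:s0 named 1201 1 0 11:20 ? 00:00:01 /usr/sbin/named -u named
system_u:system_r:sshd_t:s0-s0:c0.c1023 root 980 1 0 11:19 ? 00:00:00 /usr/sbin/sshd -D'

# Binaries shipped by the three PowerDNS products.
PDNS_PATTERN='pdns_(recursor|server)|dnsdist'

hits=$(printf '%s\n' "$SAMPLE_PS" | find_unconfined "$PDNS_PATTERN")
if [ -n "$hits" ]; then
  echo "Unconfined PowerDNS processes (type pid command):"
  echo "$hits"
else
  echo "All matching processes run in a confined domain."
fi

# On a live host, feed real data instead of the sample:
#   ps -efZ | find_unconfined "$PDNS_PATTERN"
```
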

Habbie commented 5 years ago

Hello! It is unlikely we will prioritise this any time soon - help is welcome. https://github.com/fedora-selinux/selinux-policy-contrib/ might be a better place for this work than our repository, by the way.