From: Sander Hoentjen
Date: Thu, 20 Jun 2013 14:38:06 +0000 (+0200)
Subject: add selinux policy files
X-Git-Tag: rec-3.6.0-rc1~637^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F876%2Fhead;p=thirdparty%2Fpdns.git

add selinux policy files
---
diff --git a/contrib/selinux/pdns.fc b/contrib/selinux/pdns.fc
new file mode 100644
index 0000000000..4d7af1e4e0
--- /dev/null
+++ b/contrib/selinux/pdns.fc
@@ -0,0 +1,6 @@
+/usr/sbin/pdns_server -- gen_context(system_u:object_r:named_exec_t,s0)
+/etc/pdns/pdns\.conf -- gen_context(system_u:object_r:named_conf_t,s0)
+/var/run/pdns\.controlsocket -s gen_context(system_u:object_r:named_var_run_t,s0)
+/var/run/pdns\.pid -- gen_context(system_u:object_r:named_var_run_t,s0)
+/usr/bin/pdns_control -- gen_context(system_u:object_r:ndc_exec_t,s0)
+/usr/bin/pdnssec -- gen_context(system_u:object_r:ndc_exec_t,s0)
diff --git a/contrib/selinux/pdns.if b/contrib/selinux/pdns.if
new file mode 100644
index 0000000000..3eb6a3057b
--- /dev/null
+++ b/contrib/selinux/pdns.if
@@ -0,0 +1 @@
+##
diff --git a/contrib/selinux/pdns.te b/contrib/selinux/pdns.te
new file mode 100644
index 0000000000..95960d7cc5
--- /dev/null
+++ b/contrib/selinux/pdns.te
@@ -0,0 +1,16 @@
+policy_module(pdns,0.9.0)
+
+require{
+ type named_t;
+}
+
+#only needed if using the guardian
+allow named_t self:capability { kill };
+
+#gmysql backend:
+mysql_read_config(named_t)
+files_read_usr_files(named_t)
+mysql_stream_connect(named_t)
+
+#postgres backend:
+postgresql_stream_connect(named_t)
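Review bot: In contrib/selinux/pdns.fc every entry reuses an existing type (`named_exec_t`, `named_conf_t`, `named_var_run_t`, `ndc_exec_t`) and nothing in the file says so, which makes the consequence for `/etc/pdns/pdns\.conf` easy to miss: the file inherits whatever read access the loaded policy already grants on `named_conf_t`. With the gmysql or postgres backends named in pdns.te that configuration file typically carries the backend database credentials, so the set of domains able to read `named_conf_t` is worth checking (for example with `sesearch`) before this is deployed. I would add a header comment such as `# Reuses the named/ndc types from the base policy; no pdns-specific types are defined.` and consider a dedicated type for the configuration file.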
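Review bot: All rules in contrib/selinux/pdns.te are granted unconditionally to `named_t`, a domain the module only requires rather than defines, so loading it widens that domain for everything that runs in it (presumably including BIND on a host that has both). The `kill` capability is allowed even when the guardian is not used, despite the comment above it, and both backend socket rules apply whichever backend is configured. The module may also fail to load where the mysql or postgresql policy modules are absent. Wrapping each backend in `optional_policy` removes that dependency; limiting the grants to the backend actually in use would additionally need a boolean per backend and one for the guardian rule.

```selinux
# … unchanged: policy_module, require block, guardian capability rule …

#gmysql backend:
optional_policy(`
	mysql_read_config(named_t)
	mysql_stream_connect(named_t)
')
files_read_usr_files(named_t)

#postgres backend:
optional_policy(`
	postgresql_stream_connect(named_t)
')
```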