Permalink
Browse files

add selinux policy files

  • Loading branch information...
1 parent 063076b commit 4d2e3f50a7523ca1dde52c0653feb43d02ef2039 @tjikkun tjikkun committed with Habbie Jun 20, 2013
Showing with 23 additions and 0 deletions.
  1. +6 −0 contrib/selinux/pdns.fc
  2. +1 −0 contrib/selinux/pdns.if
  3. +16 −0 contrib/selinux/pdns.te
@@ -0,0 +1,6 @@
+/usr/sbin/pdns_server -- gen_context(system_u:object_r:named_exec_t,s0)
+/etc/pdns/pdns\.conf -- gen_context(system_u:object_r:named_conf_t,s0)
+/var/run/pdns\.controlsocket -s gen_context(system_u:object_r:named_var_run_t,s0)
+/var/run/pdns\.pid -- gen_context(system_u:object_r:named_var_run_t,s0)
+/usr/bin/pdns_control -- gen_context(system_u:object_r:ndc_exec_t,s0)
+/usr/bin/pdnssec -- gen_context(system_u:object_r:ndc_exec_t,s0)
@@ -0,0 +1 @@
+## <summary></summary>
@@ -0,0 +1,16 @@
+policy_module(pdns,0.9.0)
+
+require{
+ type named_t;
+}
+
+#only needed if using the guardian
+allow named_t self:capability { kill };
+
+#gmysql backend:
+mysql_read_config(named_t)
+files_read_usr_files(named_t)
+mysql_stream_connect(named_t)
+
+#postgres backend:
+postgresql_stream_connect(named_t)

0 comments on commit 4d2e3f5

Please sign in to comment.