Djbdns patch from Dan Walsh.
parent
4a8bd017aa
commit
44b3808ba5
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Create a set of derived types for djbdns
|
## Create a set of derived types for djbdns
|
||||||
## components that are directly supervised by daemontools.
|
## components that are directly supervised by daemontools.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="prefix">
|
## <param name="prefix">
|
||||||
@ -26,6 +26,8 @@ template(`djbdns_daemontools_domain_template',`
|
|||||||
daemontools_read_svc(djbdns_$1_t)
|
daemontools_read_svc(djbdns_$1_t)
|
||||||
|
|
||||||
allow djbdns_$1_t self:capability { net_bind_service setgid setuid sys_chroot };
|
allow djbdns_$1_t self:capability { net_bind_service setgid setuid sys_chroot };
|
||||||
|
allow djbdns_$1_t self:process signal;
|
||||||
|
allow djbdns_$1_t self:fifo_file rw_fifo_file_perms;
|
||||||
allow djbdns_$1_t self:tcp_socket create_stream_socket_perms;
|
allow djbdns_$1_t self:tcp_socket create_stream_socket_perms;
|
||||||
allow djbdns_$1_t self:udp_socket create_socket_perms;
|
allow djbdns_$1_t self:udp_socket create_socket_perms;
|
||||||
|
|
||||||
@ -50,3 +52,39 @@ template(`djbdns_daemontools_domain_template',`
|
|||||||
|
|
||||||
files_search_var(djbdns_$1_t)
|
files_search_var(djbdns_$1_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
#####################################
|
||||||
|
## <summary>
|
||||||
|
## Allow search the djbdns-tinydns key ring.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`djbdns_search_tinydns_keys',`
|
||||||
|
gen_require(`
|
||||||
|
type djbdns_tinydns_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
allow $1 djbdns_tinydns_t:key search;
|
||||||
|
')
|
||||||
|
|
||||||
|
#####################################
|
||||||
|
## <summary>
|
||||||
|
## Allow link to the djbdns-tinydns key ring.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`djbdns_link_tinydns_keys',`
|
||||||
|
gen_require(`
|
||||||
|
type djbdns_tinydn_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
allow $1 djbdns_tinydn_t:key link;
|
||||||
|
')
|
||||||
|
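Review bot: The new `djbdns_link_tinydns_keys` interface names the type `djbdns_tinydn_t` in both its `gen_require` and its `allow` rule, while the sibling `djbdns_search_tinydns_keys` and the rest of this page use `djbdns_tinydns_t`; this looks like a dropped `s`. As written, the interface requires a type that is not declared anywhere visible here, so a policy module calling it would presumably fail to build rather than be granted `key link` on the tinydns domain. The two lines should read `type djbdns_tinydns_t;` and `allow $1 djbdns_tinydns_t:key link;`.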
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(djbdns, 1.3.0)
|
policy_module(djbdns, 1.3.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -42,3 +42,10 @@ allow djbdns_axfrdns_t djbdns_tinydns_conf_t:file read_file_perms;
|
|||||||
files_search_var(djbdns_axfrdns_t)
|
files_search_var(djbdns_axfrdns_t)
|
||||||
|
|
||||||
ucspitcp_service_domain(djbdns_axfrdns_t, djbdns_axfrdns_exec_t)
|
ucspitcp_service_domain(djbdns_axfrdns_t, djbdns_axfrdns_exec_t)
|
||||||
|
|
||||||
|
########################################
|
||||||
|
#
|
||||||
|
# Local policy for tinydns
|
||||||
|
#
|
||||||
|
|
||||||
|
init_dontaudit_use_script_fds(djbdns_tinydns_t)
|
||||||
|
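Review bot: The added `init_dontaudit_use_script_fds(djbdns_tinydns_t)` has no comment saying which denial it silences, and a dontaudit rule keeps those AVC records out of the audit log by default. A one-line comment above it, such as `# tinydns inherits init script fds it does not need; silence the denial instead of granting use`, would tell a later reader why the messages are hidden. The reason given in that comment is inferred from the interface name and should be confirmed against the denial that prompted the rule.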