bind patch from Dan Walsh

some fixes in interfaces, added bind_setattr_zone_dirs interface
sysnet_read_config not needed with auth_use_nsswitch

Did not include init_read_script_tmp_files for named_t

policy/modules/services/bind.if

@@ -253,7 +253,7 @@ interface(`bind_manage_cache',`
 
 ########################################
 ## <summary>
-##	Do not audit attempts to set the attributes
+##	Allow domain to  set the attributes
 ##	of the BIND pid directory.
 ## </summary>
 ## <param name="domain">
@@ -270,6 +270,25 @@ interface(`bind_setattr_pid_dirs',`
 	allow $1 named_var_run_t:dir setattr;
 ')
 
+########################################
+## <summary>
+##	Allow domain to set attributes
+##	of the BIND zone directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`bind_setattr_zone_dirs',`
+	gen_require(`
+		type named_zone_t;
+	')
+
+	allow $1 named_zone_t:dir setattr;
+')
+
 ########################################
 ## <summary>
 ##	Read BIND zone files.
@@ -356,7 +375,7 @@ interface(`bind_admin',`
 
 	bind_run_ndc($1, $2)
 
-	init_labeled_script_domtrans($1, bind_initrc_exec_t)
+	init_labeled_script_domtrans($1, named_initrc_exec_t)
 	domain_system_change_exemption($1)
 	role_transition $2 named_initrc_exec_t system_r;
 	allow $2 system_r;

policy/modules/services/bind.te

@@ -145,8 +145,6 @@ logging_send_syslog_msg(named_t)
 miscfiles_read_localization(named_t)
 miscfiles_read_certs(named_t)
 
-sysnet_read_config(named_t)
-
 userdom_dontaudit_use_unpriv_user_fds(named_t)
 userdom_dontaudit_search_user_home_dirs(named_t)