From dd57ca34545ce6394bbd604fc7a6e9cb02ea75fe Mon Sep 17 00:00:00 2001
From: Don Miner
Date: Mon, 24 Oct 2005 18:06:31 +0000
Subject: [PATCH] Added rules to the bind policy for the named server so that it would start
---
 refpolicy/policy/modules/services/bind.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/refpolicy/policy/modules/services/bind.te b/refpolicy/policy/modules/services/bind.te
index 5646bb24..9fe4d030 100644
--- a/refpolicy/policy/modules/services/bind.te
+++ b/refpolicy/policy/modules/services/bind.te
@@ -52,7 +52,7 @@ role system_r types ndc_t;
 allow named_t self:capability { chown dac_override fowner setgid setuid sys_chroot sys_nice sys_resource };
 dontaudit named_t self:capability sys_tty_config;
-allow named_t self:process { setsched setcap setrlimit };
+allow named_t self:process { setsched setcap setrlimit signal_perms };
 allow named_t self:fifo_file rw_file_perms;
 allow named_t self:unix_stream_socket create_stream_socket_perms;
 allow named_t self:unix_dgram_socket create_socket_perms;
@@ -82,6 +82,7 @@ allow named_t named_tmp_t:dir create_dir_perms;
 allow named_t named_tmp_t:file create_file_perms;
 files_create_tmp_files(named_t, named_tmp_t, { file dir })
+allow named_t named_var_run_t:dir rw_dir_perms;
 allow named_t named_var_run_t:file create_file_perms;
 allow named_t named_var_run_t:sock_file create_file_perms;
 files_create_pid(named_t,named_var_run_t,{ file sock_file })
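Review bot: The `signal_perms` set added to `allow named_t self:process` grants the whole signal permission group, while the commit message only says named would not start and does not record which permission was denied. The rule is scoped to `self`, so it covers only named_t signalling processes in its own domain and the exposure is small. If the audit log showed a single denied permission, listing just that one keeps the domain tighter, for example `allow named_t self:process { setsched setcap setrlimit signal };` (the choice of `signal` here is illustrative, not taken from the patch). If the full set is intended, a one-line comment above the rule naming the denial that was observed would let a later reviewer confirm it is still needed.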
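Review bot: The new `allow named_t named_var_run_t:dir rw_dir_perms;` only takes effect if a directory already carries the named_var_run_t label, and nothing in this patch shows where that label is assigned. In the lines shown, `files_create_pid(named_t,named_var_run_t,{ file sock_file })` covers only files and sockets, and the new rule gives read/write on a directory rather than permission to create one. The rule therefore presumably depends on a file-context entry for named's run directory, which is worth confirming alongside this change. A comment above the rule such as `# pid file and control socket are created inside a pre-labelled run directory` would make that dependency visible. The neighbouring named_tmp_t rules use `create_dir_perms`, so a brief note on why the run directory gets the narrower set would also help.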