Added rules to the bind policy for the named server so that it would start
parent
57d8e6c7a3
commit
dd57ca3454
@ -52,7 +52,7 @@ role system_r types ndc_t;
|
||||
|
||||
allow named_t self:capability { chown dac_override fowner setgid setuid sys_chroot sys_nice sys_resource };
|
||||
dontaudit named_t self:capability sys_tty_config;
|
||||
allow named_t self:process { setsched setcap setrlimit };
|
||||
allow named_t self:process { setsched setcap setrlimit signal_perms };
|
||||
allow named_t self:fifo_file rw_file_perms;
|
||||
allow named_t self:unix_stream_socket create_stream_socket_perms;
|
||||
allow named_t self:unix_dgram_socket create_socket_perms;
|
||||
@ -82,6 +82,7 @@ allow named_t named_tmp_t:dir create_dir_perms;
|
||||
allow named_t named_tmp_t:file create_file_perms;
|
||||
files_create_tmp_files(named_t, named_tmp_t, { file dir })
|
||||
|
||||
allow named_t named_var_run_t:dir rw_dir_perms;
|
||||
allow named_t named_var_run_t:file create_file_perms;
|
||||
allow named_t named_var_run_t:sock_file create_file_perms;
|
||||
files_create_pid(named_t,named_var_run_t,{ file sock_file })
|
||||
|
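Review bot: `signal_perms` on the `allow named_t self:process` line grants the whole macro set (in reference policy: sigchld, sigkill, sigstop, signull and signal), while the startup failure was presumably caused by a denial for only one or two of them. I take the variant with `signal_perms` to be the new side of the two near-identical lines in the first hunk, since the +/- markers did not survive on this page. Because the target is `self`, the grant is confined to processes already running in named_t, but least privilege still argues for listing only the permissions the AVC denials named, e.g. `allow named_t self:process { setsched setcap setrlimit <denied signal perms> };`. Neither the commit message nor the policy records which denials led to this rule or to the `named_var_run_t:sock_file` rule in the second hunk. A comment such as `# needed at startup: named signals its own threads (avc: <denial summary>)` above each would let a later audit confirm they are still required.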