Added rules to the bind policy for the named server so that it would start

2005-10-24 18:06:31 +00:00 · 2005-10-24 18:06:31 +00:00 · dd57ca3454
commit dd57ca3454
parent 57d8e6c7a3
1 changed files with 2 additions and 1 deletions
--- a/refpolicy/policy/modules/services/bind.te
+++ b/refpolicy/policy/modules/services/bind.te
@ -52,7 +52,7 @@ role system_r types ndc_t;

 allow named_t self:capability { chown dac_override fowner setgid setuid sys_chroot sys_nice sys_resource };
 dontaudit named_t self:capability sys_tty_config;
-allow named_t self:process { setsched setcap setrlimit };
+allow named_t self:process { setsched setcap setrlimit signal_perms };
 allow named_t self:fifo_file rw_file_perms;
 allow named_t self:unix_stream_socket create_stream_socket_perms;
 allow named_t self:unix_dgram_socket create_socket_perms;
@ -82,6 +82,7 @@ allow named_t named_tmp_t:dir create_dir_perms;
 allow named_t named_tmp_t:file create_file_perms;
 files_create_tmp_files(named_t, named_tmp_t, { file dir })

+allow named_t named_var_run_t:dir rw_dir_perms;
 allow named_t named_var_run_t:file create_file_perms;
 allow named_t named_var_run_t:sock_file create_file_perms;
 files_create_pid(named_t,named_var_run_t,{ file sock_file })