bind: fixes for unbound
Unbound maintains a copy of the root key in /etc/unbound/cache and needs to be able to manage it. Signed-off-by: Kenton Groombridge <me@concord.sh>
parent
60d3cf03ed
commit
ae0a8b7fba
|
@ -13,6 +13,7 @@
|
|||
/etc/rndc\.key -- gen_context(system_u:object_r:dnssec_t,s0)
|
||||
/etc/unbound(/.*)? gen_context(system_u:object_r:named_conf_t,s0)
|
||||
/etc/unbound/.*\.key -- gen_context(system_u:object_r:dnssec_t,s0)
|
||||
/etc/unbound/cache(/.*)? gen_context(system_u:object_r:dnssec_t,s0)
|
||||
|
||||
/usr/bin/lwresd -- gen_context(system_u:object_r:named_exec_t,s0)
|
||||
/usr/bin/named -- gen_context(system_u:object_r:named_exec_t,s0)
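Review bot: Labelling `/etc/unbound/cache(/.*)?` as `dnssec_t` puts the resolver's writable root-key copy in the same type as `/etc/rndc\.key` and `/etc/unbound/.*\.key`. As a result, the `allow named_t dnssec_t:file manage_file_perms;` rule in the policy-module hunk lets the daemon rewrite or delete those key files too, not only the root key the description mentions. A dedicated type for the cache directory (a new type, shown here only as the placeholder `<unbound_cache_type>`) would confine write access to the data unbound has to manage and let `named_t` keep `read_file_perms` on `dnssec_t`. If reusing `dnssec_t` is deliberate, a comment above the entry such as `# unbound maintains its copy of the root key here and must be able to rewrite it` would record the reason.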
|
||||
|
|
|
@ -81,7 +81,8 @@ allow named_t self:fifo_file rw_fifo_file_perms;
|
|||
allow named_t self:unix_stream_socket { accept listen };
|
||||
allow named_t self:tcp_socket { accept listen };
|
||||
|
||||
allow named_t dnssec_t:file read_file_perms;
|
||||
allow named_t dnssec_t:file manage_file_perms;
|
||||
filetrans_pattern(named_t, named_conf_t, dnssec_t, dir, "cache")
|
||||
|
||||
allow named_t named_conf_t:dir list_dir_perms;
|
||||
read_files_pattern(named_t, named_conf_t, named_conf_t)
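Review bot: `filetrans_pattern(named_t, named_conf_t, dnssec_t, dir, "cache")` is not accompanied by any visible rule that lets `named_t` create a `dnssec_t` directory or add names inside one. Unless that access is granted outside this hunk, creating `/etc/unbound/cache` or writing the key file into it may still be denied, so it is worth checking the audit log for AVC denials on a fresh install. As I read the refpolicy macro, it also expands to `allow named_t named_conf_t:dir rw_dir_perms;`, which makes the `list_dir_perms` rule two lines below redundant and gives the daemon write access to every `named_conf_t` directory. If the package can ship the `cache` directory already labelled, dropping the transition would keep the configuration tree read-only for the daemon. Otherwise a comment such as `# unbound creates /etc/unbound/cache itself; needs dir write on named_conf_t` should state that the widening is intended.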
|
||||
|
|