CaROS/meta-selinux
3
0
Fork 0
mirror of git://git.yoctoproject.org/meta-selinux synced 2026-01-01 13:58:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

refpolicy: fix file contexts for bind

Browse Source 
Some files of bind are not installed to default pathes, fix the
security contexts for these files.

Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
This commit is contained in:
Xin Ouyang 2013-02-27 14:47:37 +08:00
parent 10754edb75
commit 30dfd0cd94
2 changed files with 37 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-fix-bind.patch Normal file
View File

@ -0,0 +1,36 @@
Subject: [PATCH] refpolicy: fix real path for bind.
Upstream-Status: Inappropriate [configuration]
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
---
policy/modules/contrib/bind.fc | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/policy/modules/contrib/bind.fc b/policy/modules/contrib/bind.fc
index 59aa54f..3275671 100644
--- a/policy/modules/contrib/bind.fc
+++ b/policy/modules/contrib/bind.fc
@@ -1,10 +1,19 @@
/etc/rc\.d/init\.d/named -- gen_context(system_u:object_r:named_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/bind -- gen_context(system_u:object_r:named_initrc_exec_t,s0)
/etc/rc\.d/init\.d/unbound -- gen_context(system_u:object_r:named_initrc_exec_t,s0)
/etc/rndc.* -- gen_context(system_u:object_r:named_conf_t,s0)
/etc/rndc\.key -- gen_context(system_u:object_r:dnssec_t,s0)
/etc/unbound(/.*)? gen_context(system_u:object_r:named_conf_t,s0)
+/etc/bind(/.*)? gen_context(system_u:object_r:named_zone_t,s0)
+/etc/bind/named\.conf -- gen_context(system_u:object_r:named_conf_t,s0)
+/etc/bind/named\.conf\.local -- gen_context(system_u:object_r:named_conf_t,s0)
+/etc/bind/named\.conf\.options -- gen_context(system_u:object_r:named_conf_t,s0)
+/etc/bind/rndc\.conf -- gen_context(system_u:object_r:named_conf_t,s0)
+/etc/bind/rndc\.key -- gen_context(system_u:object_r:dnssec_t,s0)
+/var/cache/bind(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
+
/usr/sbin/lwresd -- gen_context(system_u:object_r:named_exec_t,s0)
/usr/sbin/named -- gen_context(system_u:object_r:named_exec_t,s0)
/usr/sbin/named-checkconf -- gen_context(system_u:object_r:named_checkconf_exec_t,s0)
--
1.7.9.5

1
recipes-security/refpolicy/refpolicy_2.20120725.inc
View File

@ -14,6 +14,7 @@ SRC_URI += "file://poky-fc-subs_dist.patch \
file://poky-fc-fix-real-path_resolv.conf.patch \
file://poky-fc-fix-real-path_login.patch \
file://poky-fc-fix-real-path_shadow.patch \
file://poky-fc-fix-bind.patch \
"
# Specific policy for Poky