|
@@ -1,4 +1,4 @@
|
|
|
-policy_module(bind, 1.14.1)
|
|
|
+policy_module(bind, 1.14.6)
|
|
|
|
|
|
########################################
|
|
|
#
|
|
@@ -83,6 +83,12 @@ allow named_t self:tcp_socket { accept listen };
|
|
|
|
|
|
allow named_t dnssec_t:file read_file_perms;
|
|
|
|
|
|
+gen_require(`
|
|
|
+ type var_lib_t;
|
|
|
+ type initrc_t;
|
|
|
+')
|
|
|
+type_transition initrc_t var_lib_t:file dnssec_t;
|
|
|
+
|
|
|
allow named_t named_conf_t:dir list_dir_perms;
|
|
|
read_files_pattern(named_t, named_conf_t, named_conf_t)
|
|
|
read_lnk_files_pattern(named_t, named_conf_t, named_conf_t)
|
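Review bot: The added `type_transition initrc_t var_lib_t:file dnssec_t;` carries no object name, so every regular file an init script creates in a `var_lib_t` directory would be labelled `dnssec_t`, not only the DNSSEC key material. Unrelated services' state files would be mislabelled and, given the `allow named_t dnssec_t:file read_file_perms;` line just above, become readable by named. Scope the rule to the one file that needs it, e.g. `type_transition initrc_t var_lib_t:file dnssec_t "<KEYFILE_NAME>";` (placeholder name), or label the path in the module's file contexts instead. A type_transition also grants no access by itself, and this hunk does not show initrc_t being allowed to create `dnssec_t` files, so confirm that exists elsewhere. Requiring `initrc_t` and `var_lib_t` directly bypasses the owning modules' interfaces, so a comment naming the init script and the file it creates would make the intent auditable.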
|
@@ -127,6 +133,7 @@ corenet_tcp_sendrecv_generic_node(named_t)
|
|
|
corenet_udp_sendrecv_generic_node(named_t)
|
|
|
corenet_tcp_bind_generic_node(named_t)
|
|
|
corenet_udp_bind_generic_node(named_t)
|
|
|
+corenet_tcp_bind_all_unreserved_ports(named_t)
|
|
|
|
|
|
corenet_sendrecv_all_server_packets(named_t)
|
|
|
corenet_tcp_bind_dns_port(named_t)
|
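Review bot: `corenet_tcp_bind_all_unreserved_ports(named_t)` lets named listen on any unreserved TCP port, which is far wider than the `corenet_tcp_bind_dns_port(named_t)` grant already present two lines below, and nothing in the hunk says which listener motivated it. If a single port is the reason, grant that port's type instead, or place the rule inside a `tunable_policy` conditional that defaults to off, so that a compromised named is not free to open arbitrary TCP listeners. At minimum add a comment above the line such as `# named listens on <PORT>/tcp for <PURPOSE>` (placeholders) so the grant can be re-evaluated later.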