From: Ruben Kerkhof Date: Sat, 6 Aug 2016 10:23:59 +0000 (+0200) Subject: Remove SELinux policy X-Git-Tag: rec-4.0.2~42^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=541d8dc1a4d2d03bc6adda6595ca843398da1ab8;p=pdns Remove SELinux policy I wrote new policy from scratch which has been upstreamed a while ago.
---
diff --git a/contrib/selinux/pdns.fc b/contrib/selinux/pdns.fc
deleted file mode 100644
index 871c11625..000000000
--- a/contrib/selinux/pdns.fc
+++ /dev/null
@@ -1,9 +0,0 @@
-/usr/sbin/pdns_server -- gen_context(system_u:object_r:named_exec_t,s0)
-/etc/pdns(/.*)? -- gen_context(system_u:object_r:named_conf_t,s0)
-/etc/pdns(/.*)? -d gen_context(system_u:object_r:named_conf_t,s0)
-/var/run/pdns\.controlsocket -s gen_context(system_u:object_r:named_var_run_t,s0)
-/var/run/pdns\.pid -- gen_context(system_u:object_r:named_var_run_t,s0)
-/usr/bin/pdns_control -- gen_context(system_u:object_r:ndc_exec_t,s0)
-/usr/bin/pdnsutil -- gen_context(system_u:object_r:ndc_exec_t,s0)
-/var/(cache|lib)/pdns(/.*)? -- gen_context(system_u:object_r:named_cache_t,s0)
-/var/(cache|lib)/pdns(/.*)? -d gen_context(system_u:object_r:named_cache_t,s0)
diff --git a/contrib/selinux/pdns.if b/contrib/selinux/pdns.if
deleted file mode 100644
index 3eb6a3057..000000000
--- a/contrib/selinux/pdns.if
+++ /dev/null
@@ -1 +0,0 @@
-##
diff --git a/contrib/selinux/pdns.te b/contrib/selinux/pdns.te
deleted file mode 100644
index 488b4a6eb..000000000
--- a/contrib/selinux/pdns.te
+++ /dev/null
@@ -1,38 +0,0 @@
-policy_module(pdns,0.9.5)
-
-require{
- type named_t;
- type named_cache_t;
- type named_conf_t;
- type named_var_run_t;
- type ndc_t;
- type tmp_t;
- class file { getattr unlink append read setattr write lock create rename link open };
- class sock_file { create read write unlink setattr getattr };
- class dir { add_name write read remove_name };
-}
-
-#only needed if using the guardian
-allow named_t self:capability { kill };
-
-#gmysql backend:
-mysql_read_config(named_t)
-files_read_usr_files(named_t)
-mysql_stream_connect(named_t)
-
-#postgres backend:
-postgresql_stream_connect(named_t)
-
-#bind backend:
-allow named_t named_cache_t:file { getattr unlink append read setattr write lock create rename link open };
-allow named_t named_cache_t:dir { add_name write read remove_name };
-allow named_t named_conf_t:file { read open };
-allow named_t named_var_run_t:file { getattr unlink append read setattr write lock create rename link open };
-
-# other stuff
-allow named_t var_run_t:sock_file { create read write unlink setattr getattr };
-allow ndc_t tmp_t:sock_file { create read write unlink setattr getattr };
-allow ndc_t tmp_t:file {getattr unlink append read setattr write lock create rename link open };
-allow ndc_t tmp_t:dir { add_name write read remove_name };
-allow ndc_t var_run_t:sock_file { create read write unlink };
-allow ndc_t named_conf_t:file { read open };