From 4d2e3f50a7523ca1dde52c0653feb43d02ef2039 Mon Sep 17 00:00:00 2001
From: Sander Hoentjen
Date: Thu, 20 Jun 2013 16:38:06 +0200
Subject: [PATCH] add selinux policy files

---
 contrib/selinux/pdns.fc | 6 ++++++
 contrib/selinux/pdns.if | 1 +
 contrib/selinux/pdns.te | 16 ++++++++++++++++
 3 files changed, 23 insertions(+)
 create mode 100644 contrib/selinux/pdns.fc
 create mode 100644 contrib/selinux/pdns.if
 create mode 100644 contrib/selinux/pdns.te

diff --git a/contrib/selinux/pdns.fc b/contrib/selinux/pdns.fc
new file mode 100644
index 000000000..4d7af1e4e
--- /dev/null
+++ b/contrib/selinux/pdns.fc
@@ -0,0 +1,6 @@
+/usr/sbin/pdns_server -- gen_context(system_u:object_r:named_exec_t,s0)
+/etc/pdns/pdns\.conf -- gen_context(system_u:object_r:named_conf_t,s0)
+/var/run/pdns\.controlsocket -s gen_context(system_u:object_r:named_var_run_t,s0)
+/var/run/pdns\.pid -- gen_context(system_u:object_r:named_var_run_t,s0)
+/usr/bin/pdns_control -- gen_context(system_u:object_r:ndc_exec_t,s0)
+/usr/bin/pdnssec -- gen_context(system_u:object_r:ndc_exec_t,s0)
diff --git a/contrib/selinux/pdns.if b/contrib/selinux/pdns.if
new file mode 100644
index 000000000..3eb6a3057
--- /dev/null
+++ b/contrib/selinux/pdns.if
@@ -0,0 +1 @@
+##
diff --git a/contrib/selinux/pdns.te b/contrib/selinux/pdns.te
new file mode 100644
index 000000000..95960d7cc
--- /dev/null
+++ b/contrib/selinux/pdns.te
@@ -0,0 +1,16 @@
+policy_module(pdns,0.9.0)
+
+require{
+ type named_t;
+}
+
+ #only needed if using the guardian
+allow named_t self:capability { kill };
+
+ #gmysql backend:
+mysql_read_config(named_t)
+files_read_usr_files(named_t)
+mysql_stream_connect(named_t)
+
+ #postgres backend:
+postgresql_stream_connect(named_t)
--
2.40.0
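Review bot: The labels in pdns.fc put PowerDNS entirely into BIND's domains: `/usr/sbin/pdns_server` is `named_exec_t`, so the daemon runs as `named_t` with every permission the bind module grants BIND, and `/usr/bin/pdnssec` is `ndc_exec_t` although pdnssec is a key/zone management tool rather than a control-socket client, so under `ndc_t` it will presumably be denied the backend database access it needs — worth verifying against the AVC log from a pdnssec run. A one-line header such as `# PowerDNS is confined with the bind module's named_t/ndc_t types; there is no dedicated pdns_t domain yet.` would make that reuse explicit for the next maintainer. Only `/etc/pdns/pdns\.conf` is labelled, so any other configuration files under `/etc/pdns` keep the default label; a directory pattern like `/etc/pdns(/.*)? gen_context(system_u:object_r:named_conf_t,s0)` is the usual form. On systems where `/var/run` is a symlink to `/run`, the two `/var/run/pdns\.*` entries depend on the policy's path-equivalence rules, so confirm that `restorecon` labels the live control socket and pid file.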
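Review bot: pdns.if consists of a single bare `##` line, so the module exports no interfaces and carries no description; the refpolicy convention is at least `## <summary>PowerDNS authoritative nameserver</summary>` so policy documentation tools pick the module up. If nothing is meant to be exported, a comment saying so, e.g. `## No interfaces: pdns reuses the bind module's named_t domain.`, makes the empty file read as intentional rather than forgotten.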
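Review bot: The backend rules at the bottom of the pdns.te hunk call interfaces from the mysql and postgresql modules (`mysql_read_config`, `mysql_stream_connect`, `postgresql_stream_connect`) outside an `optional_policy()` block, so the types those interfaces require become hard requirements and the module will fail to load on a host where either policy module is absent. Every rule here also widens `named_t` itself, so BIND, if it runs on the same host, gains the same database-socket access and the `kill` capability — there is no separate pdns domain to scope them to, which deserves a header comment. The capability and backend rules are unconditional although the comments say they are only needed for the guardian or a given backend; gating them with `tunable_policy` booleans would let an administrator leave the unused ones off. `files_read_usr_files(named_t)` sits under the gmysql comment but is not mysql-specific, so it presumably belongs with the base rules.
```selinux
# … unchanged: policy_module, require block, capability rule …

#gmysql backend:
optional_policy(`
	mysql_read_config(named_t)
	mysql_stream_connect(named_t)
')
files_read_usr_files(named_t)

#postgres backend:
optional_policy(`
	postgresql_stream_connect(named_t)
')
```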