SELinux/bind
From Gentoo Wiki
< SELinux
Jump to:navigation
Jump to:search
Structure
Domains
The named_t domain can only be transitioned towards through the initrc_t domain (i.e. through init scripts). The ndc_t domain (for the named domain controller) can be transitioned towards through the initrc_t and sysadm_t (general system administration) domains.
File types/labels
The following table lists the file type/labels defined in the bind module.
| Type | Function | Description |
|---|---|---|
| named_exec_t | Entrypoint | Entrypoint domain for the named binaries |
| named_initrc_exec_t | Entrypoint | Entrypoint domain for non-Gentoo init scripts |
| named_checkconf_exec_t | Entrypoint | Entrypoint for the checkconf binary |
| ndc_exec_t | Entrypoint | Entrypoint for the ndc binaries |
| dnssec_t | Configuration | Label for the key files used by the named daemon |
| named_zone_t | Configuration | Label for the primary zone files |
| named_cache_t | Configuration | Label for the cached zone files |
| named_conf_t | Configuration | Label for the named configuration files |
| named_log_t | Configuration | Label for the named log files |
| named_tmp_t | Label for the named temporary files | |
| named_var_run_t | Label for the named runtime variable data |
Using the bind SELinux module
SELinux boolean: named_write_master_zones
The named policy offers one boolean called named_write_master_zones which, when enabled, allows the named daemon to write to its master zone files (i.e. named_zone_t). This is used in master/slave setups.