From 667fce216d81e730e02085a88200596731f99387 Mon Sep 17 00:00:00 2001 From: jvdias Date: Feb 07 2006 21:47:53 +0000 Subject: regenerate for non-DBUS builds --- diff --git a/bind-9.3.2-redhat_doc.patch b/bind-9.3.2-redhat_doc.patch new file mode 100644 index 0000000..48c2590 --- /dev/null +++ b/bind-9.3.2-redhat_doc.patch 
@@ -0,0 +1,78 @@ +--- bind-9.3.2/bin/named/named.8.redhat_doc 2005-10-12 22:33:46.000000000 -0400 ++++ bind-9.3.2/bin/named/named.8 2006-02-07 15:56:31.000000000 -0500 +@@ -169,6 +169,75 @@ + .TP + \fI/var/run/named.pid\fR + The default process\-id file. ++.PP ++.SH "NOTES" ++.PP ++.TP ++\fBRed Hat SELinux BIND Security Profile:\fR ++.PP ++By default, Red Hat ships BIND with the most secure SELinux policy ++that will not prevent normal BIND operation and will prevent exploitation ++of all known BIND security vulnerabilities . See the selinux(8) man page ++for information about SElinux. ++.PP ++It is not necessary to run named in a chroot environment if the Red Hat ++SELinux policy for named is enabled. When enabled, this policy is far ++more secure than a chroot environment. Users are recommended to enable ++SELinux and remove the bind-chroot package. ++.PP ++With this extra security comes some restrictions: ++.PP ++By default, the SELinux policy does not allow named to write any master ++zone database files. Only the root user may create files in the $ROOTDIR/var/named ++zone database file directory (the options { "directory" } option), where ++$ROOTDIR is set in /etc/sysconfig/named. ++.PP ++The "named" group must be granted read privelege to ++these files in order for named to be enabled to read them. ++.PP ++Any file created in the zone database file directory is automatically assigned ++the SELinux file context named_zone_t . ++.PP ++By default, SELinux prevents any role from modifying named_zone_t files; this ++means that files in the zone database directory cannot be modified by dynamic ++DNS (DDNS) updates or zone transfers. ++.PP ++The Red Hat BIND distribution and SELinux policy creates two directories where ++named is allowed to create and modify files: $ROOTDIR/var/named/slaves and ++$ROOTDIR/var/named/data. 
By placing files you want named to modify, such as ++slave or DDNS updateable zone files and database / statistics dump files in ++these directories, named will work normally and no further operator action is ++required. Files in these directories are automatically assigned the 'named_cache_t' ++file context, which SELinux allows named to write. ++.PP ++You can enable the named_t domain to write and create named_zone_t files by use ++of the SELinux tunable boolean variable "named_write_master_zones", using the ++setsebool(8) command or the system-config-security GUI . If you do this, you ++must also set the ENABLE_ZONE_WRITE variable in /etc/sysconfig/named to ++1 / yes to set the ownership of files in the $ROOTDIR/var/named directory ++to named:named in order for named to be allowed to write them. ++.PP ++\fBRed Hat BIND named_sdb SDB support:\fR ++.PP ++Red Hat ships the bind-sdb RPM that provides the /usr/sbin/named_sdb program, ++which is named compiled with the Simplified Database Backend modules that ISC ++provides in the "contrib/sdb" directory. ++.PP ++The SDB modules for LDAP, PostGreSQL and DirDB are compiled into named_sdb. ++.PP ++To run named_sdb, set the ENABLE_SDB variable in /etc/sysconfig/named to 1 or "yes", ++and then the "service named start" named initscript will run named_sdb instead ++of named . ++.PP ++See the documentation for the various SDB modules in /usr/share/doc/bind-sdb-*/ . ++.br ++.PP ++\fBRed Hat system-config-bind:\fR ++.PP ++Red Hat provides the system-config-bind GUI to configure named.conf and zone ++database files. Run the "system-config-bind" command and access the manual ++by selecting the Help menu. ++.PP + .SH "SEE ALSO" + .PP + RFC 1033,
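Review bot: The NOTES text added here makes an absolute security claim that should be softened before it ships: "will prevent exploitation of all known BIND security vulnerabilities" is more than an SELinux policy can promise (it confines what a compromised named can do, it does not stop every exploit), so suggest wording such as "that confines named and limits the impact of known BIND security vulnerabilities". In the same paragraph "SElinux" should be "SELinux" to match the rest of the text. Further typos and style points in the added text: "privelege" should read "privilege", "PostGreSQL" should read "PostgreSQL", and several sentences carry a stray space before the full stop ("vulnerabilities .", "named_zone_t .", "GUI .", "of named .", "bind-sdb-*/ ."). The ".TP" before "\fBRed Hat SELinux BIND Security Profile:\fR" is followed directly by ".PP", so the tag gets no indented body; either drop the ".TP" or use ".SS" for these three subheadings. Lastly, the named_write_master_zones / ENABLE_ZONE_WRITE paragraph describes how to let named write every file under $ROOTDIR/var/named; it would help operators if it said plainly that doing so gives up the master-zone protection described two paragraphs earlier, and that placing writable zones in the slaves and data directories is the preferred option.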