[selinux-policy: 2633/3172] Djbdns patch from Dan Walsh.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:54:08 UTC 2010


commit 44b3808ba519ee0be4abc5fcb5d06708c4336fdf
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Apr 20 09:32:25 2010 -0400

    Djbdns patch from Dan Walsh.

 policy/modules/services/djbdns.if |   40 ++++++++++++++++++++++++++++++++++++-
 policy/modules/services/djbdns.te |    9 +++++++-
 2 files changed, 47 insertions(+), 2 deletions(-)
---
diff --git a/policy/modules/services/djbdns.if b/policy/modules/services/djbdns.if
index 00f84bb..ade3079 100644
--- a/policy/modules/services/djbdns.if
+++ b/policy/modules/services/djbdns.if
@@ -2,7 +2,7 @@
 
 ########################################
 ## <summary>
-##	Create a set of derived types for djbdns 
+##	Create a set of derived types for djbdns
 ##	components that are directly supervised by daemontools.
 ## </summary>
 ## <param name="prefix">
@@ -26,6 +26,8 @@ template(`djbdns_daemontools_domain_template',`
 	daemontools_read_svc(djbdns_$1_t)
 
 	allow djbdns_$1_t self:capability { net_bind_service setgid setuid sys_chroot };
+	allow djbdns_$1_t self:process signal;
+	allow djbdns_$1_t self:fifo_file rw_fifo_file_perms;
 	allow djbdns_$1_t self:tcp_socket create_stream_socket_perms;
 	allow djbdns_$1_t self:udp_socket create_socket_perms;
 
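Review bot: The added `self:process signal` and `self:fifo_file rw_fifo_file_perms` rules sit inside `djbdns_daemontools_domain_template`, so every domain instantiated from the template receives them, and neither the hunk nor the commit message says which daemon needed them. Both permissions are self-scoped, so the added exposure is small. A one-line comment above the two rules naming the denial they address would still help a later least-privilege review decide whether they belong in the template or in one daemon's local policy. The template body starts and ends outside this hunk.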
@@ -50,3 +52,39 @@ template(`djbdns_daemontools_domain_template',`
 
 	files_search_var(djbdns_$1_t)
 ')
+
+#####################################
+## <summary>
+##	Allow search the djbdns-tinydns key ring.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`djbdns_search_tinydns_keys',`
+	gen_require(`
+		type djbdns_tinydns_t;
+	')
+
+	allow $1 djbdns_tinydns_t:key search;
+')
+
+#####################################
+## <summary>
+##	Allow link to the djbdns-tinydns key ring.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`djbdns_link_tinydns_keys',`
+	gen_require(`
+		type djbdns_tinydn_t;
+	')
+
+	allow $1 djbdns_tinydn_t:key link;
+')
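Review bot: The second new interface, `djbdns_link_tinydns_keys`, requires and allows on `djbdns_tinydn_t`, which looks like a typo for `djbdns_tinydns_t`, the type used by `djbdns_search_tinydns_keys` just above and by the djbdns.te hunk in this commit. Interfaces are only expanded where they are called, so the misspelling would probably pass the build until some module uses it. At that point the `gen_require` would fail on an undeclared type instead of granting `key link`. The two lines should read `type djbdns_tinydns_t;` and `allow $1 djbdns_tinydns_t:key link;`.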
diff --git a/policy/modules/services/djbdns.te b/policy/modules/services/djbdns.te
index 89ab808..25006e9 100644
--- a/policy/modules/services/djbdns.te
+++ b/policy/modules/services/djbdns.te
@@ -1,5 +1,5 @@
 
-policy_module(djbdns, 1.3.0)
+policy_module(djbdns, 1.3.1)
 
 ########################################
 #
@@ -42,3 +42,10 @@ allow djbdns_axfrdns_t djbdns_tinydns_conf_t:file read_file_perms;
 files_search_var(djbdns_axfrdns_t)
 
 ucspitcp_service_domain(djbdns_axfrdns_t, djbdns_axfrdns_exec_t)
+
+########################################
+#
+# Local policy for tinydns
+#
+
+init_dontaudit_use_script_fds(djbdns_tinydns_t)
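Review bot: `init_dontaudit_use_script_fds(djbdns_tinydns_t)` silences a denial rather than granting access, so a later tinydns problem involving descriptors inherited from init scripts will leave no AVC record unless dontaudit rules are disabled. A short comment above the call, such as `# tinydns inherits init script fds it does not use; suppress the denial noise`, would record that the suppression is intentional. That the descriptors are unneeded is inferred from the choice of dontaudit, not shown in this hunk.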

