667fce regenerate for non-DBUS builds

Authored and Committed by jvdias 18 years ago
bind-9.3.2-redhat_doc.patch ADDED
@@ -0,0 +1,78 @@
1
+ --- bind-9.3.2/bin/named/named.8.redhat_doc 2005-10-12 22:33:46.000000000 -0400
2
+ +++ bind-9.3.2/bin/named/named.8 2006-02-07 15:56:31.000000000 -0500
3
+ @@ -169,6 +169,75 @@
4
+ .TP
5
+ \fI/var/run/named.pid\fR
6
+ The default process\-id file.
7
+ +.PP
8
+ +.SH "NOTES"
9
+ +.PP
10
+ +.TP
11
+ +\fBRed Hat SELinux BIND Security Profile:\fR
12
+ +.PP
13
+ +By default, Red Hat ships BIND with the most secure SELinux policy
14
+ +that will not prevent normal BIND operation and will prevent exploitation
15
+ +of all known BIND security vulnerabilities . See the selinux(8) man page
16
+ +for information about SElinux.
17
+ +.PP
18
+ +It is not necessary to run named in a chroot environment if the Red Hat
19
+ +SELinux policy for named is enabled. When enabled, this policy is far
20
+ +more secure than a chroot environment. Users are recommended to enable
21
+ +SELinux and remove the bind-chroot package.
22
+ +.PP
23
+ +With this extra security comes some restrictions:
24
+ +.PP
25
+ +By default, the SELinux policy does not allow named to write any master
26
+ +zone database files. Only the root user may create files in the $ROOTDIR/var/named
27
+ +zone database file directory (the options { "directory" } option), where
28
+ +$ROOTDIR is set in /etc/sysconfig/named.
29
+ +.PP
30
+ +The "named" group must be granted read privelege to
31
+ +these files in order for named to be enabled to read them.
32
+ +.PP
33
+ +Any file created in the zone database file directory is automatically assigned
34
+ +the SELinux file context named_zone_t .
35
+ +.PP
36
+ +By default, SELinux prevents any role from modifying named_zone_t files; this
37
+ +means that files in the zone database directory cannot be modified by dynamic
38
+ +DNS (DDNS) updates or zone transfers.
39
+ +.PP
40
+ +The Red Hat BIND distribution and SELinux policy creates two directories where
41
+ +named is allowed to create and modify files: $ROOTDIR/var/named/slaves and
42
+ +$ROOTDIR/var/named/data. By placing files you want named to modify, such as
43
+ +slave or DDNS updateable zone files and database / statistics dump files in
44
+ +these directories, named will work normally and no further operator action is
45
+ +required. Files in these directories are automatically assigned the 'named_cache_t'
46
+ +file context, which SELinux allows named to write.
47
+ +.PP
48
+ +You can enable the named_t domain to write and create named_zone_t files by use
49
+ +of the SELinux tunable boolean variable "named_write_master_zones", using the
50
+ +setsebool(8) command or the system-config-security GUI . If you do this, you
51
+ +must also set the ENABLE_ZONE_WRITE variable in /etc/sysconfig/named to
52
+ +1 / yes to set the ownership of files in the $ROOTDIR/var/named directory
53
+ +to named:named in order for named to be allowed to write them.
54
+ +.PP
55
+ +\fBRed Hat BIND named_sdb SDB support:\fR
56
+ +.PP
57
+ +Red Hat ships the bind-sdb RPM that provides the /usr/sbin/named_sdb program,
58
+ +which is named compiled with the Simplified Database Backend modules that ISC
59
+ +provides in the "contrib/sdb" directory.
60
+ +.PP
61
+ +The SDB modules for LDAP, PostGreSQL and DirDB are compiled into named_sdb.
62
+ +.PP
63
+ +To run named_sdb, set the ENABLE_SDB variable in /etc/sysconfig/named to 1 or "yes",
64
+ +and then the "service named start" named initscript will run named_sdb instead
65
+ +of named .
66
+ +.PP
67
+ +See the documentation for the various SDB modules in /usr/share/doc/bind-sdb-*/ .
68
+ +.br
69
+ +.PP
70
+ +\fBRed Hat system-config-bind:\fR
71
+ +.PP
72
+ +Red Hat provides the system-config-bind GUI to configure named.conf and zone
73
+ +database files. Run the "system-config-bind" command and access the manual
74
+ +by selecting the Help menu.
75
+ +.PP
76
+ .SH "SEE ALSO"
77
+ .PP
78
+ RFC 1033,
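Review bot: The sentence at lines 13-15 of the added patch states that the shipped SELinux policy "will prevent exploitation of all known BIND security vulnerabilities", which is an absolute guarantee a man page should not make. A policy confines the named_t domain and limits what a compromised named can touch; it does not stop a flaw in named from being triggered. Suggest rewording to say the policy restricts named to the access it needs for normal operation. The same applies to "far more secure than a chroot environment" at lines 19-20, which is used to justify removing bind-chroot without saying what the comparison is based on. In the named_write_master_zones paragraph (lines 48-53), please add one sentence noting that enabling the boolean together with ENABLE_ZONE_WRITE gives up the master zone write protection described at lines 25-38, since named then owns and can modify the files in $ROOTDIR/var/named. Smaller points: "privelege" at line 30 should be "privilege", "SElinux" at line 16 should be "SELinux", "PostGreSQL" at line 61 should be "PostgreSQL", several sentences have a stray space before the full stop, and the accepted values are written as "1 / yes" at line 52 but as 1 or "yes" at line 63; pick one form.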