From: sds@tycho.nsa.gov (Stephen Smalley)
Date: Wed, 18 Feb 2009 10:35:27 -0500
Subject: [refpolicy] dnssec_t
Message-ID: <1234971327.23775.6.camel@localhost.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

A question recently came up over on fedora-selinux-list on what type to
assign to the DNSSEC private key file to make it unreadable by the DNS
server.  There is a dnssec_t type defined in bind.te, but:
a) it is assigned to /etc/rndc.key, which is not the same thing, and
b) it is readable by named_t and by ndc_t.

So a few questions:
1) Should we be using a differently-named type for /etc/rndc.key that is
closer to its actual purpose (TSIG key for authenticating commands
between rndc and named)?

2) Do we need a new type for use for DNSSEC private key files that is
unreadable by all domains other than unconfined and admin domains?

3) Should we have a distinct type for DNSSEC public key files?

I'm not sure who added dnssec_t in the first place.
 
-- 
Stephen Smalley
National Security Agency