From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Wed, 18 Feb 2009 15:57:01 -0500 Subject: [refpolicy] dnssec_t In-Reply-To: <1234971327.23775.6.camel@localhost.localdomain> References: <1234971327.23775.6.camel@localhost.localdomain> Message-ID: <1234990621.5046.16.camel@gorn.columbia.tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Wed, 2009-02-18 at 10:35 -0500, Stephen Smalley wrote: > A question recently came up over on fedora-selinux-list on what type to > assign to the DNSSEC private key file to make it unreadable by the DNS > server. There is a dnssec_t type defined in bind.te, but: > a) it is assigned to /etc/rndc.key, which is not the same thing, and > b) it is readable by named_t and by ndc_t. I'd have to look some more into DNSSEC to be sure, but my knee-jerk reaction is: > So a few questions: > 1) Should we be using a differently-named type for /etc/rndc.key that is > closer to its actual purpose (TSIG key for authenticating commands > between rndc and named)? I'd say yes. > 2) Do we need a new type for use for DNSSEC private key files that is > unreadable by all domains other than unconfined and admin domains? An alternative might be no_access_t, but I'm not so sure I like that. > 3) Should we have a distinct type for DNSSEC public key files? Not sure. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150