Bug 1759505

Summary: No SELinux context for /etc/named directory
Product: Red Hat Enterprise Linux 8 Reporter: Lukas Vrabec <lvrabec>
Component: selinux-policyAssignee: Lukas Vrabec <lvrabec>
Status: CLOSED ERRATA QA Contact: Milos Malik <mmalik>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.2CC: benl, cheimes, cjeanner, dwalsh, lvrabec, mmalik, plautrba, ssekidde, zpytela
Target Milestone: rcKeywords: AutoVerified, Patch
Target Release: 8.2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1759495 Environment:
Last Closed: 2020-04-28 16:41:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1759495    
Bug Blocks:    

Description Lukas Vrabec 2019-10-08 11:27:46 UTC 
+++ This bug was initially created as a clone of Bug #1759495 +++

Description of problem:

We're currently lacking proper SELinux context for /etc/named directory.

Version-Release number of selected component (if applicable):
3.14.3.46.fc30

How reproducible:
Always

Steps to Reproduce:
1. Ensure selinux-policy-targeted is installed and up to date
2. Run sudo semanage fcontext -l | grep named_conf_t


Actual results:
No match for /etc/named/ directory (only plain files)

Expected results:
We should match something like unbound:
/etc/named(/.*)?                                 regular files          system_u:object_r:named_conf_t:s0
(or filter only *.conf, or...)

Additional info:
This will be required for FreeIPA once https://github.com/freeipa/freeipa/pull/3725 is merged.

--- Additional comment from Lukas Vrabec on 2019-10-08 13:13:49 CEST ---

commit e3afa28f5ff79a59e5ef529bccd0dc28fea75226 (HEAD -> rawhide)
Author: Lukas Vrabec <lvrabec>
Date:   Tue Oct 8 13:12:00 2019 +0200

    Label /etc/named direcotory as named_conf_t BZ(1759495)

Fixed will be part of updates for Fedora 30+.
Comment 10 errata-xmlrpc 2020-04-28 16:41:25 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1773