Stephen Smalley wrote:
On Mon, 2004-03-15 at 09:40, Bill Nottingham wrote:
postinstall scriptlet (using /bin/sh): /sbin/chkconfig --add named if [ -f etc/named.boot -a ! -f etc/named.conf ]; then if [ -x /usr/sbin/named-bootconf ]; then cat etc/named.boot | /usr/sbin/named-bootconf > etc/named.conf chmod 644 etc/named.conf fi fi if [ ! -e /etc/rndc.key.rpmnew ]; then sed -e "s/@KEY@/`/usr/sbin/dns-keygen`/" /etc/rndc.key >/etc/rndc.key.tmp mv -f /etc/rndc.key.tmp /etc/rndc.key fi chmod 0640 /etc/rndc.conf etc/rndc.key chown root:named /etc/rndc.conf etc/rndc.key /sbin/ldconfig exit 0
sed & mv, actually.
Can you add a '/usr/sbin/restorecon etc/rndc.key' (and likewise for any similarly created files)? That should restore the context on it based on the installed file_contexts file.
bind 9-2-3-9 has this patch
> if [ -x /usr/sbin/restorecon ]; then > # > # Restore selinux file_context > # > /usr/sbin/restorecon /etc/rndc.key > fi
