Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

17.2. Types

The main permission control method used in SELinux targeted policy to provide advanced process isolation is Type Enforcement. All files and processes are labeled with a type: types define a SELinux domain for processes and a SELinux type for files. SELinux policy rules define how types access each other, whether it be a domain accessing a type, or a domain accessing another domain. Access is only allowed if a specific SELinux policy rule exists that allows it.
The following types are used with BIND. Different types allow you to configure flexible access:
named_zone_t
Used for master zone files. Other services cannot modify files of this type. The named daemon can only modify files of this type if the named_write_master_zones Boolean is enabled.
named_cache_t
By default, named can write to files labeled with this type, without additional Booleans being set. Files copied or created in the /var/named/slaves/,/var/named/dynamic/ and /var/named/data/ directories are automatically labeled with the named_cache_t type.
named_var_run_t
Files copied or created in the /var/run/bind/, /var/run/named/, and /var/run/unbound/ directories are automatically labeled with the named_var_run_t type.
named_conf_t
BIND-related configuration files, usually stored in the /etc directory, are automatically labeled with the named_conf_t type.
named_exec_t
BIND-related executable files, usually stored in the /usr/sbin/ directory, are automatically labeled with the named_exec_t type.
named_log_t
BIND-related log files, usually stored in the /var/log/ directory, are automatically labeled with the named_log_t type.
named_unit_file_t
Executable BIND-related files in the /usr/lib/systemd/system/ directory are automatically labeled with the named_unit_file_t type.