author    jvdias <jvdias@fedoraproject.org>  2006-02-07 21:47:53 +0000
committer jvdias <jvdias@fedoraproject.org>  2006-02-07 21:47:53 +0000
commit    667fce216d81e730e02085a88200596731f99387 (patch)
tree      e25733a892774a7a00a5fbe5c470b9b76d3a1d6b
parent    240066fa9a1fb4cf078a01e848cb1e723bbbe6f6 (diff)
regenerate for non-DBUS builds
-rw-r--r--  bind-9.3.2-redhat_doc.patch  78
1 files changed, 78 insertions, 0 deletions
diff --git a/bind-9.3.2-redhat_doc.patch b/bind-9.3.2-redhat_doc.patch
new file mode 100644
index 0000000..48c2590
--- /dev/null
+++ b/bind-9.3.2-redhat_doc.patch
@@ -0,0 +1,78 @@
+--- bind-9.3.2/bin/named/named.8.redhat_doc 2005-10-12 22:33:46.000000000 -0400
++++ bind-9.3.2/bin/named/named.8 2006-02-07 15:56:31.000000000 -0500
+@@ -169,6 +169,75 @@
+ .TP
+ \fI/var/run/named.pid\fR
+ The default process\-id file.
++.PP
++.SH "NOTES"
++.PP
++.TP
++\fBRed Hat SELinux BIND Security Profile:\fR
++.PP
++By default, Red Hat ships BIND with the most secure SELinux policy
++that will not prevent normal BIND operation and will prevent exploitation
++of all known BIND security vulnerabilities . See the selinux(8) man page
++for information about SElinux.
++.PP
++It is not necessary to run named in a chroot environment if the Red Hat
++SELinux policy for named is enabled. When enabled, this policy is far
++more secure than a chroot environment. Users are recommended to enable
++SELinux and remove the bind-chroot package.
++.PP
++With this extra security comes some restrictions:
++.PP
++By default, the SELinux policy does not allow named to write any master
++zone database files. Only the root user may create files in the $ROOTDIR/var/named
++zone database file directory (the options { "directory" } option), where
++$ROOTDIR is set in /etc/sysconfig/named.
++.PP
++The "named" group must be granted read privelege to
++these files in order for named to be enabled to read them.
++.PP
++Any file created in the zone database file directory is automatically assigned
++the SELinux file context named_zone_t .
++.PP
++By default, SELinux prevents any role from modifying named_zone_t files; this
++means that files in the zone database directory cannot be modified by dynamic
++DNS (DDNS) updates or zone transfers.
++.PP
++The Red Hat BIND distribution and SELinux policy creates two directories where
++named is allowed to create and modify files: $ROOTDIR/var/named/slaves and
++$ROOTDIR/var/named/data. By placing files you want named to modify, such as
++slave or DDNS updateable zone files and database / statistics dump files in
++these directories, named will work normally and no further operator action is
++required. Files in these directories are automatically assigned the 'named_cache_t'
++file context, which SELinux allows named to write.
++.PP
++You can enable the named_t domain to write and create named_zone_t files by use
++of the SELinux tunable boolean variable "named_write_master_zones", using the
++setsebool(8) command or the system-config-security GUI . If you do this, you
++must also set the ENABLE_ZONE_WRITE variable in /etc/sysconfig/named to
++1 / yes to set the ownership of files in the $ROOTDIR/var/named directory
++to named:named in order for named to be allowed to write them.
++.PP
++\fBRed Hat BIND named_sdb SDB support:\fR
++.PP
++Red Hat ships the bind-sdb RPM that provides the /usr/sbin/named_sdb program,
++which is named compiled with the Simplified Database Backend modules that ISC
++provides in the "contrib/sdb" directory.
++.PP
++The SDB modules for LDAP, PostGreSQL and DirDB are compiled into named_sdb.
++.PP
++To run named_sdb, set the ENABLE_SDB variable in /etc/sysconfig/named to 1 or "yes",
++and then the "service named start" named initscript will run named_sdb instead
++of named .
++.PP
++See the documentation for the various SDB modules in /usr/share/doc/bind-sdb-*/ .
++.br
++.PP
++\fBRed Hat system-config-bind:\fR
++.PP
++Red Hat provides the system-config-bind GUI to configure named.conf and zone
++database files. Run the "system-config-bind" command and access the manual
++by selecting the Help menu.
++.PP
+ .SH "SEE ALSO"
+ .PP
+ RFC 1033,
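Review bot: the NOTES section added to named.8 overstates what the policy guarantees; "will prevent exploitation of all known BIND security vulnerabilities" is a claim no mandatory access control policy can back up (SELinux confines what a compromised named can touch, it does not stop a bug in named from being triggered), and it sits in a shipped man page where administrators will take it literally. Suggest wording it as limiting the damage a compromised named can do, e.g. "and confines named so that a compromise of the daemon cannot be used to read or modify files outside its policy", and likewise softening "far more secure than a chroot environment" to a concrete statement of what the policy restricts that a chroot does not. Smaller documentation fixes in the same hunk: "privelege" should be "privilege", "SElinux" should be "SELinux" to match the rest of the text, "PostGreSQL" should be "PostgreSQL", several sentences have a space before the terminating period ("vulnerabilities .", "named_zone_t .", "GUI .", "of named ."), and the ".br" immediately before ".PP" after the bind-sdb paragraph is redundant.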