From e3d0b186d1ab32d4a628aff57752778cd4833cb8 Mon Sep 17 00:00:00 2001
From: Petr Menšík <pemensik@redhat.com>
Date: Jun 08 2018 13:07:24 +0000
Subject: Use selinux boolean to enable writing


Resolves: rhbz#1569466

---

diff --git a/bind.spec b/bind.spec
index da80b44..1ca6b55 100644
--- a/bind.spec
+++ b/bind.spec
@@ -32,6 +32,7 @@
 %if %{with SDB}
 %global        chroot_sdb_prefix %{bind_dir}/chroot_sdb
 %endif
+%global        selinuxbooleans   named_write_master_zones=1
 ## The order of libs is important. See lib/Makefile.in for details
 %define bind_export_libs isc dns isccfg irs
 %{!?_export_dir:%global _export_dir /bind9-export/}
@@ -136,12 +137,14 @@ Obsoletes:      caching-nameserver < 31:9.4.1-7.fc8
 Provides:       caching-nameserver = 31:9.4.1-7.fc8
 Obsoletes:      dnssec-conf < 1.27-2
 Provides:       dnssec-conf = 1.27-2
+Requires(post): policycoreutils-python
+Requires(post): libselinux-utils
+Requires(post): selinux-policy
 BuildRequires:  gcc, make
-# FIXME: Enter correct version of policy changing the directory
-Conflicts:      selinux-policy < 3.13.1-283.34
 BuildRequires:  openssl-devel, libtool, autoconf, pkgconfig, libcap-devel
 BuildRequires:  libidn2-devel, libxml2-devel, GeoIP-devel
 BuildRequires:  systemd
+BuildRequires:  selinux-policy
 # needed for %%{__python3} macro
 BuildRequires:  python3-devel
 BuildRequires:  python3-ply
@@ -934,6 +937,7 @@ fi;
 
 %post
 %?ldconfig
+%selinux_set_booleans %{selinuxbooleans}
 if [ "$1" -eq 1 ]; then
   # Initial installation
   [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.* /etc/named.* >/dev/null 2>&1 ;
@@ -955,6 +959,7 @@ fi
 
 %postun
 %?ldconfig
+%selinux_unset_booleans %{selinuxbooleans}
 # Package upgrade, not uninstall
 %systemd_postun_with_restart named.service