20200516 - se-linux support and example crontab

example_root_crontab

@@ -0,0 +1,20 @@
+# This is an example crontab file, which assumes the user (e.g. root) 
+# has no crontab file yet, at all.  You may want to do:
+# 'crontab -l' to validate that assumption...
+# if valid, feel free to edit values below, and then run 
+#     'crontab example_crontab_file'
+# if invalid, you'll need to merge at least the last line into your
+# current crontab file
+#
+# use /bin/bash to run commands, no matter what /etc/passwd says
+SHELL=/bin/bash
+# mail any output to user `nick', no matter whose crontab this is
+# nick is an example username...replace with your prefered recipient
+MAILTO=nick
+CRON_TZ=EST5EDT
+PATH=/usr/share/Modules/bin:/usr/lib64/ccache:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
+# run five minutes after 2am, every day
+# assumes your rpz domain file is /etc/bin/db.rpz.example.com and 
+# your rpz domain is named rpz.example.com in your BIND config
+5 2 * * * (cd /path/to/bind-adblock/bind-adblock-master; python3 ./update-zonefile.py /etc/bind/db.rpz.example.com rpz.example.com) 2>&1
+

update-zonefile.py

@@ -278,6 +278,15 @@ def save_zone(tmpzonefile, zonefile, origin, raw):
     else:
         if check_zone(args.origin, tmpzonefile):
             save_zone(tmpzonefile, args.zonefile, args.origin, args.raw_zone)
+            cmd = ['/usr/sbin/getenforce']
+            r = subprocess.check_output(cmd).strip()
+            print('SELinux getenforce output / Current State is: ',r)
+            if r == b'Enforcing':
+                print('SELinux restorecon being run to reset MAC security context on zone file')
+                cmd = ['/sbin/restorecon', '-F', args.zonefile]
+                r = subprocess.call(cmd)
+                if r != 0:
+                    raise Exception('Cannot run selinux restorecon on the zonefile - return code {}'.format(r))
             reload_zone(args.origin)
         else:
             print('Zone file invalid, not loading')