[CentOS] Centos7 - SELinux messing with my named.conf

Robert Moskowitz

rgm at htt-consult.com
Thu Feb 9 21:36:27 UTC 2017


Well, actually it is me cp-ing files and SELinux yelling at me later...

I had named working, but detected that I had a couple of cleanups to do in 
/etc/named.conf and an include file in /etc/named.

I made the changes, scp to my user id from my notebook, 'su' in my ssh 
session and cp the named.conf and other files.  Made sure to fix the 
file ownership with chown root:named, and that permissions were 
correct.  Then restarted named.  Of course it failed.  After a little 
playing and digging around I find:

# journalctl -xe
-- 
-- Unit named-setup-rndc.service has finished starting up.
-- 
-- The start-up result is done.
Feb 09 16:27:41 rigel.htt-consult.com systemd[1]: Starting Berkeley Internet Nam
-- Subject: Unit named.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit named.service has begun starting up.
Feb 09 16:27:41 rigel.htt-consult.com bash[3082]: open: /etc/named.conf: permiss
Feb 09 16:27:41 rigel.htt-consult.com systemd[1]: named.service: control process
Feb 09 16:27:41 rigel.htt-consult.com systemd[1]: Failed to start Berkeley Inter
-- Subject: Unit named.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit named.service has failed.
-- 
-- The result is failed.
Feb 09 16:27:41 rigel.htt-consult.com systemd[1]: Unit named.service entered fai
Feb 09 16:27:41 rigel.htt-consult.com systemd[1]: named.service failed.
Feb 09 16:27:41 rigel.htt-consult.com polkitd[567]: Unregistered Authentication

setenforce 0

and named starts right up, indicating it IS a SELinux issue.

So what SELinux magic do I need here and where is it documented?

thanks




