[selinux-policy: 803/3172] Added rules to the smbd_t and the nmbd_t domains so that they would start properly

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 20:14:31 UTC 2010


commit fa16f25281a5232668e604e234331344329675c6
Author: Don Miner <dminer at tresys.com>
Date:   Mon Oct 24 12:45:16 2005 +0000

    Added rules to the smbd_t and the nmbd_t domains so that they would start properly

 refpolicy/policy/modules/services/samba.te |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/samba.te b/refpolicy/policy/modules/services/samba.te
index ae2ede6..853c334 100644
--- a/refpolicy/policy/modules/services/samba.te
+++ b/refpolicy/policy/modules/services/samba.te
@@ -157,6 +157,7 @@ in_user_role(samba_net_t)
 allow smbd_t self:capability { setgid setuid sys_resource lease dac_override dac_read_search };
 dontaudit smbd_t self:capability sys_tty_config;
 allow smbd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
+allow smbd_t self:process setrlimit;
 allow smbd_t self:fd use;
 allow smbd_t self:fifo_file rw_file_perms;
 allow smbd_t self:msg { send receive };
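Review bot: The added `allow smbd_t self:process setrlimit;` re-grants a permission that the complement set on the line above still lists as excluded, so a reader has to combine two rules to learn the effective policy. Dropping `setrlimit` from the `~{ ... }` set would express the same grant in one rule and keep the exclusion list an accurate record of what smbd is denied. If the separate rule is kept, add a comment such as `# smbd changes its own resource limits at startup`; that reason is inferred from the commit message and should be confirmed against the denial that prompted the change.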
@@ -170,7 +171,7 @@ allow smbd_t self:unix_dgram_socket { create_socket_perms sendto };
 allow smbd_t self:unix_stream_socket { create_stream_socket_perms connectto };
 
 allow smbd_t samba_etc_t:dir rw_dir_perms;
-allow smbd_t samba_etc_t:file r_file_perms;
+allow smbd_t samba_etc_t:file { rw_file_perms setattr };
 
 allow smbd_t samba_log_t:dir ra_dir_perms;
 dontaudit smbd_t samba_log_t:dir remove_name;
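Review bot: Widening `samba_etc_t:file` from `r_file_perms` to `{ rw_file_perms setattr }` lets the network-facing smbd domain modify and re-attribute every file labelled with the configuration type, which weakens the integrity of its own configuration if the daemon is compromised. The commit message does not say which file needed write access at startup. If it is a single state or password file, keep `allow smbd_t samba_etc_t:file r_file_perms;` and label that file with its own type, e.g. `allow smbd_t <writable_samba_state_t>:file { rw_file_perms setattr };` (the type name is a placeholder). At minimum, add a comment naming the file and the denial that required the write.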
@@ -339,11 +340,15 @@ kernel_read_software_raid_state(nmbd_t)
 kernel_read_system_state(nmbd_t)
 
 corenet_tcp_sendrecv_all_if(nmbd_t)
+corenet_udp_sendrecv_all_if(nmbd_t)
 corenet_raw_sendrecv_all_if(nmbd_t)
 corenet_tcp_sendrecv_all_nodes(nmbd_t)
+corenet_udp_sendrecv_all_nodes(nmbd_t)
 corenet_raw_sendrecv_all_nodes(nmbd_t)
 corenet_tcp_sendrecv_all_ports(nmbd_t)
+corenet_udp_sendrecv_all_ports(nmbd_t)
 corenet_tcp_bind_all_nodes(nmbd_t)
+corenet_udp_bind_all_nodes(nmbd_t)
 corenet_udp_bind_nmbd_port(nmbd_t)
 
 dev_read_sysfs(nmbd_t)
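Review bot: `corenet_udp_sendrecv_all_ports(nmbd_t)` appears, by its name, to allow nmbd to send and receive UDP on any port, while the only UDP bind granted to the domain is `corenet_udp_bind_nmbd_port(nmbd_t)`. UDP access is plainly needed for a name service, but the all-ports form is broader than the bind rule suggests is necessary. If the corenetwork module provides a port-scoped send/receive interface for the nmbd port, prefer it. Otherwise add a comment such as `# all_ports: replies go to arbitrary client source ports` so the breadth reads as deliberate; that rationale is an assumption and needs confirming.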

