[selinux-policy: 2808/3172] system-config-samba dbus service policy from Dan Walsh

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 23:09:55 UTC 2010 

commit 68e615ec5a11b6d65c8fe9a85cf83855167cf801
Author: Jeremy Solt <jsolt at tresys.com>
Date:   Mon Jun 28 11:52:55 2010 -0400

    system-config-samba dbus service policy from Dan Walsh

 policy/modules/apps/sambagui.fc |    1 +
 policy/modules/apps/sambagui.if |    2 +
 policy/modules/apps/sambagui.te |   57 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 60 insertions(+), 0 deletions(-)
---
diff --git a/policy/modules/apps/sambagui.fc b/policy/modules/apps/sambagui.fc
new file mode 100644
index 0000000..c13d607
--- /dev/null
+++ b/policy/modules/apps/sambagui.fc
@@ -0,0 +1 @@
+/usr/share/system-config-samba/system-config-samba-mechanism.py		--	gen_context(system_u:object_r:sambagui_exec_t,s0)
diff --git a/policy/modules/apps/sambagui.if b/policy/modules/apps/sambagui.if
new file mode 100644
index 0000000..b31ed10
--- /dev/null
+++ b/policy/modules/apps/sambagui.if
@@ -0,0 +1,2 @@
+## <summary>system-config-samba dbus service policy</summary>
+
diff --git a/policy/modules/apps/sambagui.te b/policy/modules/apps/sambagui.te
new file mode 100644
index 0000000..9ec1478
--- /dev/null
+++ b/policy/modules/apps/sambagui.te
@@ -0,0 +1,57 @@
+policy_module(sambagui, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type sambagui_t;
+type sambagui_exec_t;
+dbus_system_domain(sambagui_t, sambagui_exec_t)
+
+########################################
+#
+# system-config-samba local policy
+#
+
+allow sambagui_t self:capability dac_override;
+allow sambagui_t self:fifo_file rw_fifo_file_perms;
+allow sambagui_t self:unix_dgram_socket create_socket_perms;
+
+# read meminfo
+kernel_read_system_state(sambagui_t)
+
+# execut apps of system-config-samba
+corecmd_exec_shell(sambagui_t)
+corecmd_exec_bin(sambagui_t)
+
+dev_dontaudit_read_urand(sambagui_t)
+
+files_read_etc_files(sambagui_t)
+files_search_var_lib(sambagui_t)
+files_search_usr(sambagui_t)
+
+auth_use_nsswitch(sambagui_t)
+
+logging_send_syslog_msg(sambagui_t)
+
+miscfiles_read_localization(sambagui_t)
+
+nscd_dontaudit_search_pid(sambagui_t)
+
+# handling with samba conf files
+samba_append_log(sambagui_t)
+samba_manage_config(sambagui_t)
+samba_manage_var_files(sambagui_t)
+samba_read_secrets(sambagui_t)
+samba_initrc_domtrans(sambagui_t)
+samba_domtrans_smbd(sambagui_t)
+samba_domtrans_nmbd(sambagui_t)
+
+optional_policy(`
+	consoletype_exec(sambagui_t)
+')
+
+optional_policy(`
+	policykit_dbus_chat(sambagui_t)
+')

More information about the scm-commits mailing list