[selinux-policy: 1055/3172] fixes
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:36:06 UTC 2010
commit be1e6ebce088b434e1c2a5dd9774368baeb14538
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Dec 13 16:17:23 2005 +0000
fixes
refpolicy/policy/modules/services/samba.te | 34 +++++++++++++++++++++++++--
1 files changed, 31 insertions(+), 3 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/samba.te b/refpolicy/policy/modules/services/samba.te
index 733dc4c..7ad816f 100644
--- a/refpolicy/policy/modules/services/samba.te
+++ b/refpolicy/policy/modules/services/samba.te
@@ -1,5 +1,5 @@
-policy_module(samba,1.1.1)
+policy_module(samba,1.1.2)
#################################
#
@@ -538,9 +538,25 @@ allow swat_t self:capability { setuid setgid };
allow swat_t self:process signal_perms;
allow swat_t self:fifo_file rw_file_perms;
allow swat_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
-allow swat_t self:tcp_socket connected_stream_socket_perms;
+allow swat_t self:netlink_audit_socket create;
+allow swat_t self:tcp_socket create_stream_socket_perms;
allow swat_t self:udp_socket create_socket_perms;
+
+allow swat_t nmbd_exec_t:file { execute read };
+
+allow swat_t samba_etc_t:dir search;
+allow swat_t samba_etc_t:file { getattr write read };
+
+allow swat_t samba_log_t:dir search;
+allow swat_t samba_log_t:file append;
+
+allow swat_t smbd_exec_t:file execute ;
+
+allow swat_t smbd_t:process signull;
+
+allow swat_t smbd_var_run_t:file read;
+
allow swat_t swat_tmp_t:dir create_dir_perms;
allow swat_t swat_tmp_t:file create_file_perms;
files_create_tmp_files(swat_t, swat_tmp_t, { file dir })
@@ -549,10 +565,14 @@ allow swat_t swat_var_run_t:file create_file_perms;
allow swat_t swat_var_run_t:dir rw_dir_perms;
files_create_pid(swat_t,swat_var_run_t)
+allow swat_t winbind_exec_t:file execute;
+
kernel_read_kernel_sysctl(swat_t)
kernel_read_system_state(swat_t)
kernel_read_network_state(swat_t)
+corecmd_search_sbin(swat_t)
+
corenet_non_ipsec_sendrecv(swat_t)
corenet_tcp_sendrecv_generic_if(swat_t)
corenet_udp_sendrecv_generic_if(swat_t)
@@ -564,23 +584,31 @@ corenet_tcp_sendrecv_all_ports(swat_t)
corenet_udp_sendrecv_all_ports(swat_t)
corenet_tcp_bind_all_nodes(swat_t)
corenet_udp_bind_all_nodes(swat_t)
+corenet_tcp_connect_smbd_port(swat_t)
dev_read_urand(swat_t)
files_read_etc_files(swat_t)
files_search_home(swat_t)
-
+files_read_usr_files(swat_t)
fs_getattr_xattr_fs(swat_t)
+auth_domtrans_chk_passwd(swat_t)
+
libs_use_ld_so(swat_t)
libs_use_shared_libs(swat_t)
logging_send_syslog_msg(swat_t)
+logging_search_logs(swat_t)
miscfiles_read_localization(swat_t)
sysnet_read_config(swat_t)
+optional_policy(`cups',`
+ cups_read_rw_config(swat_t)
+')
+
optional_policy(`kerberos',`
kerberos_use(swat_t)
')
More information about the scm-commits
mailing list