[selinux-policy: 1055/3172] fixes

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 20:36:06 UTC 2010


commit be1e6ebce088b434e1c2a5dd9774368baeb14538
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Dec 13 16:17:23 2005 +0000

    fixes

 refpolicy/policy/modules/services/samba.te |   34 +++++++++++++++++++++++++--
 1 files changed, 31 insertions(+), 3 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/samba.te b/refpolicy/policy/modules/services/samba.te
index 733dc4c..7ad816f 100644
--- a/refpolicy/policy/modules/services/samba.te
+++ b/refpolicy/policy/modules/services/samba.te
@@ -1,5 +1,5 @@
 
-policy_module(samba,1.1.1)
+policy_module(samba,1.1.2)
 
 #################################
 #
@@ -538,9 +538,25 @@ allow swat_t self:capability { setuid setgid };
 allow swat_t self:process signal_perms;
 allow swat_t self:fifo_file rw_file_perms;
 allow swat_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
-allow swat_t self:tcp_socket connected_stream_socket_perms;
+allow swat_t self:netlink_audit_socket create;
+allow swat_t self:tcp_socket create_stream_socket_perms;
 allow swat_t self:udp_socket create_socket_perms;
 
+
+allow swat_t nmbd_exec_t:file { execute read };
+
+allow swat_t samba_etc_t:dir search;
+allow swat_t samba_etc_t:file { getattr write read };
+
+allow swat_t samba_log_t:dir search;
+allow swat_t samba_log_t:file append;
+
+allow swat_t smbd_exec_t:file execute ;
+
+allow swat_t smbd_t:process signull;
+
+allow swat_t smbd_var_run_t:file read;
+
 allow swat_t swat_tmp_t:dir create_dir_perms;
 allow swat_t swat_tmp_t:file create_file_perms;
 files_create_tmp_files(swat_t, swat_tmp_t, { file dir })
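Review bot: The new `execute` grants on `nmbd_exec_t` and `smbd_exec_t` here, and on `winbind_exec_t` in the next hunk, come with neither `execute_no_trans` nor a domain transition in the lines shown, so an actual exec of those binaries from swat_t would presumably still be denied. If the grants only cover SWAT testing that the daemons are executable, record that with a comment such as `# SWAT only checks that the daemon binaries are executable; it does not run them` (to be confirmed by the author). If SWAT is meant to start the daemons, a transition into their own domains is preferable to running them inside the web-facing swat_t. Minor style: `allow swat_t smbd_exec_t:file execute ;` has a stray space before the semicolon, and the hunk opens with two blank lines where the file uses one.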
@@ -549,10 +565,14 @@ allow swat_t swat_var_run_t:file create_file_perms;
 allow swat_t swat_var_run_t:dir rw_dir_perms;
 files_create_pid(swat_t,swat_var_run_t)
 
+allow swat_t winbind_exec_t:file execute;
+
 kernel_read_kernel_sysctl(swat_t)
 kernel_read_system_state(swat_t)
 kernel_read_network_state(swat_t)
 
+corecmd_search_sbin(swat_t)
+
 corenet_non_ipsec_sendrecv(swat_t)
 corenet_tcp_sendrecv_generic_if(swat_t)
 corenet_udp_sendrecv_generic_if(swat_t)
@@ -564,23 +584,31 @@ corenet_tcp_sendrecv_all_ports(swat_t)
 corenet_udp_sendrecv_all_ports(swat_t)
 corenet_tcp_bind_all_nodes(swat_t)
 corenet_udp_bind_all_nodes(swat_t)
+corenet_tcp_connect_smbd_port(swat_t)
 
 dev_read_urand(swat_t)
 
 files_read_etc_files(swat_t)
 files_search_home(swat_t)
-
+files_read_usr_files(swat_t)
 fs_getattr_xattr_fs(swat_t)
 
+auth_domtrans_chk_passwd(swat_t)
+
 libs_use_ld_so(swat_t)
 libs_use_shared_libs(swat_t)
 
 logging_send_syslog_msg(swat_t)
+logging_search_logs(swat_t)
 
 miscfiles_read_localization(swat_t)
 
 sysnet_read_config(swat_t)
 
+optional_policy(`cups',`
+	cups_read_rw_config(swat_t)
+')
+
 optional_policy(`kerberos',`
 	kerberos_use(swat_t)
 ')
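Review bot: `cups_read_rw_config(swat_t)` lets the SWAT domain read CUPS's writable configuration, and neither the hunk nor the commit message says why; the context lines show this domain may bind TCP on all nodes. That configuration may hold printer device URIs with embedded credentials, so the need deserves a comment above the block, for example `# SWAT reads the CUPS printer list for printer shares` (wording to be confirmed by the author). The hunk also deletes the blank line between `files_read_usr_files(swat_t)` and `fs_getattr_xattr_fs(swat_t)`; keeping it would preserve the file's one-group-per-module layout.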

