fixes
This commit is contained in:
Chris PeBenito
parent
bb43724465
commit
be1e6ebce0
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(samba,1.1.1)
|
||||
policy_module(samba,1.1.2)
|
||||
|
||||
#################################
|
||||
#
|
||||
@ -538,9 +538,25 @@ allow swat_t self:capability { setuid setgid };
|
||||
allow swat_t self:process signal_perms;
|
||||
allow swat_t self:fifo_file rw_file_perms;
|
||||
allow swat_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
|
||||
allow swat_t self:tcp_socket connected_stream_socket_perms;
|
||||
allow swat_t self:netlink_audit_socket create;
|
||||
allow swat_t self:tcp_socket create_stream_socket_perms;
|
||||
allow swat_t self:udp_socket create_socket_perms;
|
||||
|
||||
|
||||
allow swat_t nmbd_exec_t:file { execute read };
|
||||
|
||||
allow swat_t samba_etc_t:dir search;
|
||||
allow swat_t samba_etc_t:file { getattr write read };
|
||||
|
||||
allow swat_t samba_log_t:dir search;
|
||||
allow swat_t samba_log_t:file append;
|
||||
|
||||
allow swat_t smbd_exec_t:file execute ;
|
||||
|
||||
allow swat_t smbd_t:process signull;
|
||||
|
||||
allow swat_t smbd_var_run_t:file read;
|
||||
|
||||
allow swat_t swat_tmp_t:dir create_dir_perms;
|
||||
allow swat_t swat_tmp_t:file create_file_perms;
|
||||
files_create_tmp_files(swat_t, swat_tmp_t, { file dir })
|
||||
@ -549,10 +565,14 @@ allow swat_t swat_var_run_t:file create_file_perms;
|
||||
allow swat_t swat_var_run_t:dir rw_dir_perms;
|
||||
files_create_pid(swat_t,swat_var_run_t)
|
||||
|
||||
allow swat_t winbind_exec_t:file execute;
|
||||
|
||||
kernel_read_kernel_sysctl(swat_t)
|
||||
kernel_read_system_state(swat_t)
|
||||
kernel_read_network_state(swat_t)
|
||||
|
||||
corecmd_search_sbin(swat_t)
|
||||
|
||||
corenet_non_ipsec_sendrecv(swat_t)
|
||||
corenet_tcp_sendrecv_generic_if(swat_t)
|
||||
corenet_udp_sendrecv_generic_if(swat_t)
|
||||
@ -564,23 +584,31 @@ corenet_tcp_sendrecv_all_ports(swat_t)
|
||||
corenet_udp_sendrecv_all_ports(swat_t)
|
||||
corenet_tcp_bind_all_nodes(swat_t)
|
||||
corenet_udp_bind_all_nodes(swat_t)
|
||||
corenet_tcp_connect_smbd_port(swat_t)
|
||||
|
||||
dev_read_urand(swat_t)
|
||||
|
||||
files_read_etc_files(swat_t)
|
||||
files_search_home(swat_t)
|
||||
|
||||
files_read_usr_files(swat_t)
|
||||
fs_getattr_xattr_fs(swat_t)
|
||||
|
||||
auth_domtrans_chk_passwd(swat_t)
|
||||
|
||||
libs_use_ld_so(swat_t)
|
||||
libs_use_shared_libs(swat_t)
|
||||
|
||||
logging_send_syslog_msg(swat_t)
|
||||
logging_search_logs(swat_t)
|
||||
|
||||
miscfiles_read_localization(swat_t)
|
||||
|
||||
sysnet_read_config(swat_t)
|
||||
|
||||
optional_policy(`cups',`
|
||||
cups_read_rw_config(swat_t)
|
||||
')
|
||||
|
||||
optional_policy(`kerberos',`
|
||||
kerberos_use(swat_t)
|
||||
')
|
||||
|
||||
Loading…
Reference in New Issue
Block a user