This commit is contained in:
Chris PeBenito 2005-12-13 16:17:23 +00:00
parent bb43724465
commit be1e6ebce0

View File

@ -1,5 +1,5 @@
policy_module(samba,1.1.1)
policy_module(samba,1.1.2)
#################################
#
@ -538,9 +538,25 @@ allow swat_t self:capability { setuid setgid };
allow swat_t self:process signal_perms;
allow swat_t self:fifo_file rw_file_perms;
allow swat_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
allow swat_t self:tcp_socket connected_stream_socket_perms;
allow swat_t self:netlink_audit_socket create;
allow swat_t self:tcp_socket create_stream_socket_perms;
allow swat_t self:udp_socket create_socket_perms;
allow swat_t nmbd_exec_t:file { execute read };
allow swat_t samba_etc_t:dir search;
allow swat_t samba_etc_t:file { getattr write read };
allow swat_t samba_log_t:dir search;
allow swat_t samba_log_t:file append;
allow swat_t smbd_exec_t:file execute ;
allow swat_t smbd_t:process signull;
allow swat_t smbd_var_run_t:file read;
allow swat_t swat_tmp_t:dir create_dir_perms;
allow swat_t swat_tmp_t:file create_file_perms;
files_create_tmp_files(swat_t, swat_tmp_t, { file dir })
@ -549,10 +565,14 @@ allow swat_t swat_var_run_t:file create_file_perms;
allow swat_t swat_var_run_t:dir rw_dir_perms;
files_create_pid(swat_t,swat_var_run_t)
allow swat_t winbind_exec_t:file execute;
kernel_read_kernel_sysctl(swat_t)
kernel_read_system_state(swat_t)
kernel_read_network_state(swat_t)
corecmd_search_sbin(swat_t)
corenet_non_ipsec_sendrecv(swat_t)
corenet_tcp_sendrecv_generic_if(swat_t)
corenet_udp_sendrecv_generic_if(swat_t)
@ -564,23 +584,31 @@ corenet_tcp_sendrecv_all_ports(swat_t)
corenet_udp_sendrecv_all_ports(swat_t)
corenet_tcp_bind_all_nodes(swat_t)
corenet_udp_bind_all_nodes(swat_t)
corenet_tcp_connect_smbd_port(swat_t)
dev_read_urand(swat_t)
files_read_etc_files(swat_t)
files_search_home(swat_t)
files_read_usr_files(swat_t)
fs_getattr_xattr_fs(swat_t)
auth_domtrans_chk_passwd(swat_t)
libs_use_ld_so(swat_t)
libs_use_shared_libs(swat_t)
logging_send_syslog_msg(swat_t)
logging_search_logs(swat_t)
miscfiles_read_localization(swat_t)
sysnet_read_config(swat_t)
optional_policy(`cups',`
cups_read_rw_config(swat_t)
')
optional_policy(`kerberos',`
kerberos_use(swat_t)
')