fixes
This commit is contained in:
Chris PeBenito
parent
bb43724465
commit
be1e6ebce0
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(samba,1.1.1)
|
policy_module(samba,1.1.2)
|
||||||
|
|
||||||
#################################
|
#################################
|
||||||
#
|
#
|
||||||
@ -538,9 +538,25 @@ allow swat_t self:capability { setuid setgid };
|
|||||||
allow swat_t self:process signal_perms;
|
allow swat_t self:process signal_perms;
|
||||||
allow swat_t self:fifo_file rw_file_perms;
|
allow swat_t self:fifo_file rw_file_perms;
|
||||||
allow swat_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
|
allow swat_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
|
||||||
allow swat_t self:tcp_socket connected_stream_socket_perms;
|
allow swat_t self:netlink_audit_socket create;
|
||||||
|
allow swat_t self:tcp_socket create_stream_socket_perms;
|
||||||
allow swat_t self:udp_socket create_socket_perms;
|
allow swat_t self:udp_socket create_socket_perms;
|
||||||
|
|
||||||
|
|
||||||
|
allow swat_t nmbd_exec_t:file { execute read };
|
||||||
|
|
||||||
|
allow swat_t samba_etc_t:dir search;
|
||||||
|
allow swat_t samba_etc_t:file { getattr write read };
|
||||||
|
|
||||||
|
allow swat_t samba_log_t:dir search;
|
||||||
|
allow swat_t samba_log_t:file append;
|
||||||
|
|
||||||
|
allow swat_t smbd_exec_t:file execute ;
|
||||||
|
|
||||||
|
allow swat_t smbd_t:process signull;
|
||||||
|
|
||||||
|
allow swat_t smbd_var_run_t:file read;
|
||||||
|
|
||||||
allow swat_t swat_tmp_t:dir create_dir_perms;
|
allow swat_t swat_tmp_t:dir create_dir_perms;
|
||||||
allow swat_t swat_tmp_t:file create_file_perms;
|
allow swat_t swat_tmp_t:file create_file_perms;
|
||||||
files_create_tmp_files(swat_t, swat_tmp_t, { file dir })
|
files_create_tmp_files(swat_t, swat_tmp_t, { file dir })
|
||||||
@ -549,10 +565,14 @@ allow swat_t swat_var_run_t:file create_file_perms;
|
|||||||
allow swat_t swat_var_run_t:dir rw_dir_perms;
|
allow swat_t swat_var_run_t:dir rw_dir_perms;
|
||||||
files_create_pid(swat_t,swat_var_run_t)
|
files_create_pid(swat_t,swat_var_run_t)
|
||||||
|
|
||||||
|
allow swat_t winbind_exec_t:file execute;
|
||||||
|
|
||||||
kernel_read_kernel_sysctl(swat_t)
|
kernel_read_kernel_sysctl(swat_t)
|
||||||
kernel_read_system_state(swat_t)
|
kernel_read_system_state(swat_t)
|
||||||
kernel_read_network_state(swat_t)
|
kernel_read_network_state(swat_t)
|
||||||
|
|
||||||
|
corecmd_search_sbin(swat_t)
|
||||||
|
|
||||||
corenet_non_ipsec_sendrecv(swat_t)
|
corenet_non_ipsec_sendrecv(swat_t)
|
||||||
corenet_tcp_sendrecv_generic_if(swat_t)
|
corenet_tcp_sendrecv_generic_if(swat_t)
|
||||||
corenet_udp_sendrecv_generic_if(swat_t)
|
corenet_udp_sendrecv_generic_if(swat_t)
|
||||||
@ -564,23 +584,31 @@ corenet_tcp_sendrecv_all_ports(swat_t)
|
|||||||
corenet_udp_sendrecv_all_ports(swat_t)
|
corenet_udp_sendrecv_all_ports(swat_t)
|
||||||
corenet_tcp_bind_all_nodes(swat_t)
|
corenet_tcp_bind_all_nodes(swat_t)
|
||||||
corenet_udp_bind_all_nodes(swat_t)
|
corenet_udp_bind_all_nodes(swat_t)
|
||||||
|
corenet_tcp_connect_smbd_port(swat_t)
|
||||||
|
|
||||||
dev_read_urand(swat_t)
|
dev_read_urand(swat_t)
|
||||||
|
|
||||||
files_read_etc_files(swat_t)
|
files_read_etc_files(swat_t)
|
||||||
files_search_home(swat_t)
|
files_search_home(swat_t)
|
||||||
|
files_read_usr_files(swat_t)
|
||||||
fs_getattr_xattr_fs(swat_t)
|
fs_getattr_xattr_fs(swat_t)
|
||||||
|
|
||||||
|
auth_domtrans_chk_passwd(swat_t)
|
||||||
|
|
||||||
libs_use_ld_so(swat_t)
|
libs_use_ld_so(swat_t)
|
||||||
libs_use_shared_libs(swat_t)
|
libs_use_shared_libs(swat_t)
|
||||||
|
|
||||||
logging_send_syslog_msg(swat_t)
|
logging_send_syslog_msg(swat_t)
|
||||||
|
logging_search_logs(swat_t)
|
||||||
|
|
||||||
miscfiles_read_localization(swat_t)
|
miscfiles_read_localization(swat_t)
|
||||||
|
|
||||||
sysnet_read_config(swat_t)
|
sysnet_read_config(swat_t)
|
||||||
|
|
||||||
|
optional_policy(`cups',`
|
||||||
|
cups_read_rw_config(swat_t)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`kerberos',`
|
optional_policy(`kerberos',`
|
||||||
kerberos_use(swat_t)
|
kerberos_use(swat_t)
|
||||||
')
|
')
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user