Added rules to the smbd_t and the nmbd_t domains so that they would start properly

Don Miner 2005-10-24 12:45:16 +00:00
parent 1dd86c43cd
commit fa16f25281


@ -157,6 +157,7 @@ in_user_role(samba_net_t)
allow smbd_t self:capability { setgid setuid sys_resource lease dac_override dac_read_search };
dontaudit smbd_t self:capability sys_tty_config;
allow smbd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow smbd_t self:process setrlimit;
allow smbd_t self:fd use;
allow smbd_t self:fifo_file rw_file_perms;
allow smbd_t self:msg { send receive };
@ -170,7 +171,7 @@ allow smbd_t self:unix_dgram_socket { create_socket_perms sendto };
allow smbd_t self:unix_stream_socket { create_stream_socket_perms connectto };
allow smbd_t samba_etc_t:dir rw_dir_perms;
allow smbd_t samba_etc_t:file r_file_perms;
allow smbd_t samba_etc_t:file { rw_file_perms setattr };
allow smbd_t samba_log_t:dir ra_dir_perms;
dontaudit smbd_t samba_log_t:dir remove_name;
@ -339,11 +340,15 @@ kernel_read_software_raid_state(nmbd_t)
kernel_read_system_state(nmbd_t)
corenet_tcp_sendrecv_all_if(nmbd_t)
corenet_udp_sendrecv_all_if(nmbd_t)
corenet_raw_sendrecv_all_if(nmbd_t)
corenet_tcp_sendrecv_all_nodes(nmbd_t)
corenet_udp_sendrecv_all_nodes(nmbd_t)
corenet_raw_sendrecv_all_nodes(nmbd_t)
corenet_tcp_sendrecv_all_ports(nmbd_t)
corenet_udp_sendrecv_all_ports(nmbd_t)
corenet_tcp_bind_all_nodes(nmbd_t)
corenet_udp_bind_all_nodes(nmbd_t)
corenet_udp_bind_nmbd_port(nmbd_t)
dev_read_sysfs(nmbd_t)
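Review bot: In the second hunk, `allow smbd_t samba_etc_t:file { rw_file_perms setattr };` lets smbd write to and change attributes on every file labelled samba_etc_t. That type presumably covers the daemon's own configuration, so a compromised smbd could alter the settings it runs under. The rendered page has lost its +/- markers, so I am assuming this line is the new side replacing `allow smbd_t samba_etc_t:file r_file_perms;`. If only specific state files in that directory must be updated at startup, give those files their own type and keep the read-only rule for the rest. At minimum, add a comment such as `# smbd updates <file> at startup` (placeholder) naming the file that needed the write, so the grant can be narrowed later.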