34 lines
1.2 KiB
Plaintext
34 lines
1.2 KiB
Plaintext
#DESC winbind - Name Service Switch daemon for resolving names from NT servers
|
|
#
|
|
# Author: Dan Walsh (dwalsh@redhat.com)
|
|
#
|
|
|
|
#################################
|
|
#
|
|
# Declarations for winbind
|
|
#
|
|
|
|
daemon_domain(winbind, `, privhome, auth_chkpwd')
|
|
log_domain(winbind)
|
|
allow winbind_t etc_t:file r_file_perms;
|
|
allow winbind_t etc_t:lnk_file read;
|
|
can_network(winbind_t)
|
|
ifdef(`samba.te', `', `
|
|
type samba_etc_t, file_type, sysadmfile, usercanread;
|
|
type samba_log_t, file_type, sysadmfile, logfile;
|
|
type samba_var_t, file_type, sysadmfile;
|
|
type samba_secrets_t, file_type, sysadmfile;
|
|
')
|
|
rw_dir_file(winbind_t, samba_etc_t)
|
|
rw_dir_create_file(winbind_t, samba_log_t)
|
|
allow winbind_t samba_secrets_t:file rw_file_perms;
|
|
allow winbind_t self:unix_dgram_socket create_socket_perms;
|
|
allow winbind_t self:unix_stream_socket create_stream_socket_perms;
|
|
allow winbind_t urandom_device_t:chr_file { getattr read };
|
|
allow winbind_t self:fifo_file { read write };
|
|
rw_dir_create_file(winbind_t, samba_var_t)
|
|
allow winbind_t krb5_conf_t:file { getattr read };
|
|
dontaudit winbind_t krb5_conf_t:file { write };
|
|
allow winbind_t self:netlink_route_socket r_netlink_socket_perms;
|
|
allow winbind_t winbind_var_run_t:sock_file create_file_perms;
|