RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #442 from yizhao1/samba

This commit is contained in:
Chris PeBenito 2021-11-30 11:23:59 -05:00
parent 0c6e887481 f24f38f0f2
commit 7dae637f4b
2 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
policy/modules/services/ntp.te
View File

@ -53,8 +53,8 @@ init_system_domain(ntpd_t, ntpdate_exec_t)
# Local policy
#
allow ntpd_t self:capability { chown dac_override kill setgid setuid sys_time ipc_lock ipc_owner sys_chroot sys_nice };
dontaudit ntpd_t self:capability { net_admin sys_tty_config fsetid sys_resource };
allow ntpd_t self:capability { chown dac_override kill setgid setuid sys_time ipc_lock ipc_owner sys_chroot sys_nice sys_resource };
dontaudit ntpd_t self:capability { net_admin sys_tty_config fsetid };
allow ntpd_t self:process { signal_perms getcap setcap setsched setrlimit };
allow ntpd_t self:fifo_file rw_fifo_file_perms;
allow ntpd_t self:shm create_shm_perms;

5
policy/modules/services/samba.te
View File

@ -268,7 +268,7 @@ optional_policy(`
#
allow smbd_t self:capability { chown dac_override dac_read_search fowner fsetid kill lease setgid setuid sys_admin sys_chroot sys_nice sys_resource };
dontaudit smbd_t self:capability sys_tty_config;
dontaudit smbd_t self:capability { sys_tty_config net_admin };
allow smbd_t self:process { transition signal_perms getsched setsched getsession getpgid setpgid getcap setcap share getattr noatsecure siginh setrlimit rlimitinh dyntransition setkeycreate setsockcreate getrlimit };
allow smbd_t self:fd use;
allow smbd_t self:fifo_file rw_fifo_file_perms;
@ -518,7 +518,7 @@ optional_policy(`
# Nmbd Local policy
#
dontaudit nmbd_t self:capability sys_tty_config;
dontaudit nmbd_t self:capability { sys_tty_config net_admin };
allow nmbd_t self:process { transition signal_perms getsched setsched getsession getpgid setpgid getcap setcap share getattr noatsecure siginh rlimitinh dyntransition setkeycreate setsockcreate getrlimit };
allow nmbd_t self:fd use;
allow nmbd_t self:fifo_file rw_fifo_file_perms;
@ -543,6 +543,7 @@ append_files_pattern(nmbd_t, samba_log_t, samba_log_t)
create_files_pattern(nmbd_t, samba_log_t, samba_log_t)
setattr_files_pattern(nmbd_t, samba_log_t, samba_log_t)
manage_dirs_pattern(nmbd_t, samba_var_t, samba_var_t)
mmap_manage_files_pattern(nmbd_t, samba_var_t, samba_var_t)
manage_lnk_files_pattern(nmbd_t, samba_var_t, samba_var_t)
manage_sock_files_pattern(nmbd_t, samba_var_t, samba_var_t)