selinux-refpolicy/policy
Yi Zhao 5e7b58612e samba: fixes for smbd/nmbd
* Do not audit capability net_admin for smbd_t/nmbd_t
* Allow nmbd_t to manage samba_var_t dirs

Fixes:
avc:  denied  { net_admin } for  pid=334 comm="smbd" capability=12
scontext=system_u:system_r:smbd_t tcontext=system_u:system_r:smbd_t
tclass=capability permissive=1

avc:  denied  { net_admin } for  pid=273 comm="nmbd" capability=12
scontext=system_u:system_r:nmbd_t tcontext=system_u:system_r:nmbd_t
tclass=capability permissive=1

avc:  denied  { create } for  pid=273 comm="nmbd" name="msg.lock"
scontext=system_u:system_r:nmbd_t tcontext=system_u:object_r:samba_var_t
tclass=dir permissive=1

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
2021-11-30 21:52:43 +08:00
..
flask
modules samba: fixes for smbd/nmbd 2021-11-30 21:52:43 +08:00
support Improve error message on duplicate definition of interface 2021-11-15 10:23:48 +01:00
constraints
context_defaults
global_booleans
global_tunables
mcs mcs: only constrain mcs_constrained_type for db accesses 2021-11-09 13:59:08 -05:00
mls
policy_capabilities
users