Navigation

Changeset 2771

Timestamp:

08/05/08 07:54:11 (4 months ago)

Author:

cpebenito

Message:

trunk: Samba/winbind update from Mike Edenfield.

Files:

r2763	r2771
127	127	########################################
128	128	## <summary>
	129	## Create generic user home directories
	130	## </summary>
	131	## <param name="domain">
	132	## <summary>
	133	## Domain allowed access.
	134	## </summary>
	135	## </param>
	136	#
	137	interface(`unprivuser_create_home_dir',`
	138	gen_require(`
	139	type user_home_dir_t;
	140	')
	141
	142	files_search_home($1)
	143	allow $1 user_home_dir_t:dir create_dir_perms;
	144	')
	145
	146	########################################
	147	## <summary>
129	148	## Create, read, write, and delete generic user
130	149	## home directories.

r2763	r2771
485	485	#
486	486	interface(`samba_stream_connect_winbind',`
487		ifdef(`distro_redhat',`
	487	gen_require(`
	488	type samba_var_t, winbind_t, winbind_var_run_t;
	489	')
	490
	491	files_search_pids($1)
	492	allow $1 samba_var_t:dir search_dir_perms;
	493	stream_connect_pattern($1, winbind_var_run_t, winbind_var_run_t, winbind_t)
	494
	495	ifndef(`distro_redhat',`
488	496	gen_require(`
489		type samba_var_t, winbind_t, winbind_var_run_t;
490		')
491
492		files_search_pids($1)
493		allow $1 samba_var_t:dir search_dir_perms;
494		stream_connect_pattern($1, winbind_var_run_t, winbind_var_run_t, winbind_t)
495		',`
496		gen_require(`
497		type winbind_t, winbind_tmp_t;
	497	type winbind_tmp_t;
498	498	')
499	499

r2763	r2771
1	1
2		policy_module(samba, 1.9.0)
	2	policy_module(samba, 1.9.1)
3	3
4	4	#################################
…	…
15	15	## </desc>
16	16	gen_tunable(allow_smbd_anon_write, false)
	17
	18	## <desc>
	19	## <p>
	20	## Allow samba to create new home directories (e.g. via PAM)
	21	## </p>
	22	## </desc>
	23	gen_tunable(samba_create_home_dirs, false)
17	24
18	25	## <desc>
…	…
365	372	')
366	373
	374	tunable_policy(`samba_create_home_dirs',`
	375	allow smbd_t self:capability chown;
	376	unprivuser_create_home_dir(smbd_t)
	377	unprivuser_home_filetrans_home_dir(smbd_t)
	378	')
	379
367	380	tunable_policy(`samba_export_all_ro',`
368	381	fs_read_noxattr_fs_files(smbd_t)
…	…
405	418
406	419	manage_dirs_pattern(nmbd_t, samba_log_t, samba_log_t)
407		append_files_pattern(nmbd_t, samba_log_t, samba_log_t)
408		allow nmbd_t samba_log_t:file unlink;
	420	manage_files_pattern(nmbd_t, samba_log_t, samba_log_t)
409	421
410	422	read_files_pattern(nmbd_t, samba_log_t, samba_log_t)
…	…
676	688	manage_dirs_pattern(winbind_t, winbind_tmp_t, winbind_tmp_t)
677	689	manage_files_pattern(winbind_t, winbind_tmp_t, winbind_tmp_t)
	690	manage_sock_files_pattern(winbind_t, winbind_tmp_t, winbind_tmp_t)
678	691	files_tmp_filetrans(winbind_t, winbind_tmp_t, { file dir })
679	692

* Generating other formats may take time.

r2770	r2771
	1	- Samba/winbind update from Mike Edenfield.
1	2	- Policy size optimization with a non-security file attribute from James
2	3	Carter.

r2668	r2771
1	1
2		policy_module(unprivuser, 1.0.0)
	2	policy_module(unprivuser, 1.0.1)
3	3
4	4	# this module should be named user, but that is