2010-02-23 22:18:29

by Daniel Walsh


2010-04-16 19:04:20

by jsolt

Subject: [refpolicy] services_samba.patch

On Tue, 2010-02-23 at 18:18 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F13/services_samba.patch


> optional_policy(`
> + type samba_unconfined_net_t;
> + domain_type(samba_unconfined_net_t)
> + domain_entry_file(samba_unconfined_net_t, samba_net_exec_t)
> + role system_r types samba_unconfined_net_t;
> +
> + unconfined_domain(samba_unconfined_net_t)
> +
> + manage_files_pattern(samba_unconfined_net_t, samba_etc_t, samba_secrets_t)
> + filetrans_pattern(samba_unconfined_net_t, samba_etc_t, samba_secrets_t, file)
> + userdom_use_user_terminals(samba_unconfined_net_t)
> +')
> +
> type samba_unconfined_script_t;
> type samba_unconfined_script_exec_t;
> domain_type(samba_unconfined_script_t)
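
Review bot: nothing in the samba_unconfined_net_t block shows how a process is meant to enter the new domain. domain_entry_file() makes samba_net_exec_t an entry point, but the visible lines contain no domtrans_pattern() or other transition from a source domain, so please name the intended caller and add a comment explaining why net needs an unconfined domain. It is also worth checking whether manage_files_pattern(samba_unconfined_net_t, samba_etc_t, samba_secrets_t) is still needed once unconfined_domain() is granted. If only the filetrans_pattern() line matters, to keep new files under samba_etc_t labelled samba_secrets_t, a comment saying so would help.
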
> @@ -876,9 +943,12 @@
> allow smbd_t samba_unconfined_script_exec_t:dir search_dir_perms;
> allow smbd_t samba_unconfined_script_exec_t:file ioctl;
>
> +optional_policy(`
> unconfined_domain(samba_unconfined_script_t)
> +')
>
> tunable_policy(`samba_run_unconfined',`
> domtrans_pattern(smbd_t, samba_unconfined_script_exec_t, samba_unconfined_script_t)
> - ')
> +',`
> + can_exec(smbd_t, samba_unconfined_script_exec_t)
> ')
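
Review bot: the new else branch of the samba_run_unconfined tunable at the end of this hunk adds can_exec(smbd_t, samba_unconfined_script_exec_t), so with the boolean off smbd_t would run these scripts in its own domain, where the context lines above give it only dir search and file ioctl on that type. If that is intended it needs a comment and a mention in the boolean's description; if not, the else branch should go. Separately, only unconfined_domain(samba_unconfined_script_t) is wrapped in optional_policy, while the type declaration and the domtrans_pattern() stay outside it, so when the optional block is disabled smbd_t can still transition into a domain that lacks the unconfined rules; consider putting the transition under the same optional block. Consistent indentation of the closing ') and ',` lines would make the nesting of the tunable readable.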

What are you trying to do here? The tabbing makes this unclear.

--
Jeremy J. Solt
Tresys Technology, LLC
410-290-1411 x122