From: jsolt@tresys.com (Jeremy Solt)
Date: Fri, 16 Apr 2010 15:04:20 -0400
Subject: [refpolicy] services_samba.patch
In-Reply-To: <4B845435.8090808@redhat.com>
References: <4B845435.8090808@redhat.com>
Message-ID: <1271444660.6756.94.camel@jsolt-Desktop>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, 2010-02-23 at 18:18 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F13/services_samba.patch


> optional_policy(`
> +	type samba_unconfined_net_t;
> +	domain_type(samba_unconfined_net_t)
> +	domain_entry_file(samba_unconfined_net_t, samba_net_exec_t)
> +	role system_r types samba_unconfined_net_t;
> +
> +	unconfined_domain(samba_unconfined_net_t)
> +
> +	manage_files_pattern(samba_unconfined_net_t, samba_etc_t, samba_secrets_t)
> +	filetrans_pattern(samba_unconfined_net_t, samba_etc_t, samba_secrets_t, file)
> +	userdom_use_user_terminals(samba_unconfined_net_t)
> +')
> +
>  	type samba_unconfined_script_t;
>  	type samba_unconfined_script_exec_t;
>  	domain_type(samba_unconfined_script_t)
> @@ -876,9 +943,12 @@
>  	allow smbd_t samba_unconfined_script_exec_t:dir search_dir_perms;
>  	allow smbd_t samba_unconfined_script_exec_t:file ioctl;
>  
> +optional_policy(`
>  	unconfined_domain(samba_unconfined_script_t)
> +')
>  
>  	tunable_policy(`samba_run_unconfined',`
>  		domtrans_pattern(smbd_t, samba_unconfined_script_exec_t, samba_unconfined_script_t)
> -	')
> +',`
> +	can_exec(smbd_t, samba_unconfined_script_exec_t)
>  ')

What are you trying to do here? The tabbing makes this unclear.

-- 
Jeremy J. Solt
Tresys Technology, LLC
410-290-1411 x122
>