From: jsolt@tresys.com (Jeremy Solt) Date: Fri, 16 Apr 2010 15:04:20 -0400 Subject: [refpolicy] services_samba.patch In-Reply-To: <4B845435.8090808@redhat.com> References: <4B845435.8090808@redhat.com> Message-ID: <1271444660.6756.94.camel@jsolt-Desktop> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Tue, 2010-02-23 at 18:18 -0400, Daniel J Walsh wrote: > http://people.fedoraproject.org/~dwalsh/SELinux/F13/services_samba.patch > optional_policy(` > + type samba_unconfined_net_t; > + domain_type(samba_unconfined_net_t) > + domain_entry_file(samba_unconfined_net_t, samba_net_exec_t) > + role system_r types samba_unconfined_net_t; > + > + unconfined_domain(samba_unconfined_net_t) > + > + manage_files_pattern(samba_unconfined_net_t, samba_etc_t, samba_secrets_t) > + filetrans_pattern(samba_unconfined_net_t, samba_etc_t, samba_secrets_t, file) > + userdom_use_user_terminals(samba_unconfined_net_t) > +') > + > type samba_unconfined_script_t; > type samba_unconfined_script_exec_t; > domain_type(samba_unconfined_script_t) > @@ -876,9 +943,12 @@ > allow smbd_t samba_unconfined_script_exec_t:dir search_dir_perms; > allow smbd_t samba_unconfined_script_exec_t:file ioctl; > > +optional_policy(` > unconfined_domain(samba_unconfined_script_t) > +') > > tunable_policy(`samba_run_unconfined',` > domtrans_pattern(smbd_t, samba_unconfined_script_exec_t, samba_unconfined_script_t) > - ') > +',` > + can_exec(smbd_t, samba_unconfined_script_exec_t) > ') What are you trying to do here? The tabbing makes this unclear. -- Jeremy J. Solt Tresys Technology, LLC 410-290-1411 x122 >
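Review bot: In the first quoted hunk, samba_unconfined_net_t is made an unconfined domain and is also given a file type transition into samba_secrets_t, but nothing in the quoted lines explains why net needs an unconfined domain, and nothing gates it behind a boolean the way samba_run_unconfined gates the script domain. Suggest a comment above "type samba_unconfined_net_t;" stating the use case, and a check on whether the explicit manage_files_pattern() on samba_secrets_t is still needed once unconfined_domain() is applied, since filetrans_pattern() is the line that adds behaviour. The added "')" also appears to close the enclosing optional_policy block before "type samba_unconfined_script_t;", so the script type declarations that follow would no longer be optional; please confirm that is intended.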
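Review bot: In the "@@ -876,9 +943,12 @@" hunk, the new else branch of tunable_policy on samba_run_unconfined adds "can_exec(smbd_t, samba_unconfined_script_exec_t)", so with the boolean off the scripts run inside smbd_t rather than transitioning to samba_unconfined_script_t. That changes what the boolean means and should be stated in the boolean's description. The nesting is also hard to follow as posted: unconfined_domain(samba_unconfined_script_t) is now wrapped in its own optional_policy while the tunable_policy block sits outside it, so please lay out the else separator and the closing "')" on lines aligned with their tunable_policy opener so it is clear which block each one closes.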