From 837f63743214363362334e910dcb06d35cd5cb99 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Mon, 27 Jun 2022 17:22:40 +0200
Subject: [PATCH] Update samba-dcerpcd policy for kerberos usage 2

These additional permissions were added:
- read kerberos key tables
- read generic SSL certificates

Resolves: rhbz#2096521
---
 policy/modules/contrib/samba.te | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/policy/modules/contrib/samba.te b/policy/modules/contrib/samba.te
index 091e016fd0..4be4401cda 100644
--- a/policy/modules/contrib/samba.te
+++ b/policy/modules/contrib/samba.te
@@ -1208,6 +1208,7 @@ optional_policy(`
 ')
 
 optional_policy(`
+	kerberos_read_keytab(winbind_rpcd_t)
 	kerberos_use(winbind_rpcd_t)
 ')
 
@@ -1215,6 +1216,10 @@ optional_policy(`
 	logging_send_syslog_msg(winbind_rpcd_t)
 ')
 
+optional_policy(`
+	miscfiles_read_generic_certs(winbind_rpcd_t)
+')
+
 optional_policy(`
 	sssd_read_public_files(winbind_rpcd_t)
 	sssd_stream_connect(winbind_rpcd_t)