From 480a1932eff8ba74e9373c1e7ba9a9d5f8c2d559 Mon Sep 17 00:00:00 2001
From: Nikola Knazekova <nknazeko@redhat.com>
Date: Mon, 10 Oct 2022 16:45:20 +0200
Subject: [PATCH] Add winbind-rpcd to samba_enable_home_dirs boolean

Update samba_enable_home_dirs boolean to Allow winbind-rpcd to share users home directories.

SELinux denials appeared, when users configured home directory share in the smb.conf.

type=AVC msg=audit(1661934914.346:360): avc:  denied  { read } for  pid=4587 comm="samba-dcerpcd" path="/home/xx/Documents/xx" dev="dm-2" ino=21627745 scontext=system_u:system_r:winbind_rpcd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0

Resolves: bz#2122904
---
 policy/modules/contrib/samba.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/policy/modules/contrib/samba.te b/policy/modules/contrib/samba.te
index 227c22516d..2280531046 100644
--- a/policy/modules/contrib/samba.te
+++ b/policy/modules/contrib/samba.te
@@ -40,7 +40,7 @@ gen_tunable(samba_portmapper, false)
 
 ## <desc>
 ## <p>
-## Allow samba to share users home directories.
+## Allow samba and winbind-rpcd to share users home directories.
 ## </p>
 ## </desc>
 gen_tunable(samba_enable_home_dirs, false)
@@ -475,6 +475,7 @@ tunable_policy(`samba_domain_controller',`
 
 tunable_policy(`samba_enable_home_dirs',`
 	userdom_manage_user_home_content(smbd_t)
+	userdom_manage_user_home_content(winbind_rpcd_t)
 ')
 
 optional_policy(`