From 9921e239291412f21c98806f2777dba7fce8bbe4 Mon Sep 17 00:00:00 2001
From: Nikola Knazekova <nknazeko@redhat.com>
Date: Thu, 15 Dec 2022 12:07:05 +0100
Subject: [PATCH] Allow winbind-rpcd manage samba_share_t files and dirs

Allow winbind connect to init_t unix_stream_socket

Resolves: rhbz#2150680
---
 policy/modules/contrib/samba.te | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/policy/modules/contrib/samba.te b/policy/modules/contrib/samba.te
index 1395047b3e..8746918587 100644
--- a/policy/modules/contrib/samba.te
+++ b/policy/modules/contrib/samba.te
@@ -1185,6 +1185,9 @@ manage_files_pattern(winbind_rpcd_t, winbind_rpcd_var_run_t, winbind_rpcd_var_ru
 files_pid_filetrans(winbind_rpcd_t, winbind_rpcd_var_run_t, { dir file })
 
 # access to files of other samba domains
+manage_dirs_pattern(winbind_rpcd_t, samba_share_t, samba_share_t)
+manage_files_pattern(winbind_rpcd_t, samba_share_t, samba_share_t)
+
 manage_dirs_pattern(winbind_rpcd_t, smbd_var_run_t, smbd_var_run_t)
 read_files_pattern(winbind_rpcd_t, smbd_var_run_t, smbd_var_run_t)
 manage_sock_files_pattern(winbind_rpcd_t, smbd_var_run_t, smbd_var_run_t)
@@ -1225,6 +1228,10 @@ optional_policy(`
 	dirsrv_stream_connect(winbind_rpcd_t)
 ')
 
+optional_policy(`
+	init_stream_connectto(winbind_rpcd_t)
+')
+
 optional_policy(`
 	kerberos_read_keytab(winbind_rpcd_t)
 	kerberos_use(winbind_rpcd_t)