54 lines
1.7 KiB
Diff
54 lines
1.7 KiB
Diff
From b3a5dfcc161ee097a0a5aa0fbf515e2e0bfb7430 Mon Sep 17 00:00:00 2001
|
|
From: Zdenek Pytela <zpytela@redhat.com>
|
|
Date: Fri, 5 Aug 2022 16:42:50 +0200
|
|
Subject: [PATCH] Allow samba-bgqd get a printer list
|
|
|
|
When `rpcclient localhost -c 'enumprinters'` or a similar command is executed,
|
|
samba-bgqd connects to the cups service to get the list of configured printers.
|
|
The printers are then cached and updated on regular basis.
|
|
|
|
Resolves: rhbz#2112395
|
|
---
|
|
policy/modules/contrib/samba.te | 15 ++++++++++++++-
|
|
1 file changed, 14 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/policy/modules/contrib/samba.te b/policy/modules/contrib/samba.te
|
|
index 61598b8e39..d64ba6e569 100644
|
|
--- a/policy/modules/contrib/samba.te
|
|
+++ b/policy/modules/contrib/samba.te
|
|
@@ -1198,10 +1198,16 @@ kernel_read_network_state(winbind_rpcd_t)
|
|
|
|
corecmd_exec_bin(winbind_rpcd_t)
|
|
|
|
+corenet_tcp_connect_ipp_port(winbind_rpcd_t)
|
|
+
|
|
optional_policy(`
|
|
auth_read_passwd(winbind_rpcd_t)
|
|
')
|
|
|
|
+optional_policy(`
|
|
+ cups_stream_connect(winbind_rpcd_t)
|
|
+')
|
|
+
|
|
optional_policy(`
|
|
dbus_system_bus_client(winbind_rpcd_t)
|
|
')
|
|
@@ -1236,9 +1242,16 @@ optional_policy(`
|
|
systemd_userdbd_stream_connect(winbind_rpcd_t)
|
|
')
|
|
|
|
-# interactions with smbd_t/winbind_t
|
|
+optional_policy(`
|
|
+ unconfined_dgram_send(winbind_rpcd_t)
|
|
+')
|
|
+
|
|
+# inter-process communication with other samba domains
|
|
allow smbd_t winbind_rpcd_t:unix_stream_socket connectto;
|
|
allow winbind_t winbind_rpcd_t:unix_stream_socket connectto;
|
|
+allow winbind_rpcd_t nmbd_t:unix_dgram_socket sendto;
|
|
+allow winbind_rpcd_t smbd_t:unix_dgram_socket sendto;
|
|
+allow winbind_rpcd_t winbind_t:unix_dgram_socket sendto;
|
|
allow winbind_rpcd_t winbind_t:unix_stream_socket connectto;
|
|
|
|
samba_domtrans_winbind_rpcd(smbd_t)
|