27 lines
1.0 KiB
Diff
27 lines
1.0 KiB
Diff
From 400871693697941947ae35e9c914c129518880f0 Mon Sep 17 00:00:00 2001
|
|
From: Zdenek Pytela <zpytela@redhat.com>
|
|
Date: Mon, 22 May 2023 15:03:56 +0200
|
|
Subject: [PATCH] Allow samba-dcerpcd connect to systemd_machined over a unix
|
|
socket
|
|
|
|
The commit addresses the following AVC denial:
|
|
type=AVC msg=audit(1684646002.435:1902): avc: denied { connectto } for pid=27491 comm="rpcd_winreg" path="/run/systemd/userdb/io.systemd.Machine" scontext=system_u:system_r:winbind_rpcd_t:s0 tcontext=system_u:system_r:systemd_machined_t:s0 tclass=unix_stream_socket permissive=0
|
|
|
|
Resolves: rhbz#2208845
|
|
---
|
|
policy/modules/contrib/samba.te | 1 +
|
|
1 file changed, 1 insertion(+)
|
|
|
|
diff --git a/policy/modules/contrib/samba.te b/policy/modules/contrib/samba.te
|
|
index c8123ff29d..9847d3da29 100644
|
|
--- a/policy/modules/contrib/samba.te
|
|
+++ b/policy/modules/contrib/samba.te
|
|
@@ -1264,6 +1264,7 @@ optional_policy(`
|
|
')
|
|
|
|
optional_policy(`
|
|
+ systemd_machined_stream_connect(winbind_rpcd_t)
|
|
systemd_userdbd_stream_connect(winbind_rpcd_t)
|
|
')
|
|
|