packages/selinux-policy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
selinux-policy/backport-Add-winbind-rpcd-to-samba_enable_home_dirs-boolean.patch
qsw33 703c655d68 merge patch
2023-08-24 11:33:18 +08:00

38 lines
1.4 KiB
Diff
Raw Blame History

From 480a1932eff8ba74e9373c1e7ba9a9d5f8c2d559 Mon Sep 17 00:00:00 2001
From: Nikola Knazekova <nknazeko@redhat.com>
Date: Mon, 10 Oct 2022 16:45:20 +0200
Subject: [PATCH] Add winbind-rpcd to samba_enable_home_dirs boolean
Update samba_enable_home_dirs boolean to Allow winbind-rpcd to share users home directories.
SELinux denials appeared, when users configured home directory share in the smb.conf.
type=AVC msg=audit(1661934914.346:360): avc: denied { read } for pid=4587 comm="samba-dcerpcd" path="/home/xx/Documents/xx" dev="dm-2" ino=21627745 scontext=system_u:system_r:winbind_rpcd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0
Resolves: bz#2122904
---
policy/modules/contrib/samba.te | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/policy/modules/contrib/samba.te b/policy/modules/contrib/samba.te
index 227c22516d..2280531046 100644
--- a/policy/modules/contrib/samba.te
+++ b/policy/modules/contrib/samba.te
@@ -40,7 +40,7 @@ gen_tunable(samba_portmapper, false)
## <desc>
## <p>
-## Allow samba to share users home directories.
+## Allow samba and winbind-rpcd to share users home directories.
## </p>
## </desc>
gen_tunable(samba_enable_home_dirs, false)
@@ -475,6 +475,7 @@ tunable_policy(`samba_domain_controller',`
tunable_policy(`samba_enable_home_dirs',`
userdom_manage_user_home_content(smbd_t)
+ userdom_manage_user_home_content(winbind_rpcd_t)
')
optional_policy(`
Reference in New Issue View Git Blame Copy Permalink