selinux-policy/backport-Update-samba-dcerpcd-policy-for-kerberos-usage.patch

From e6584a21427a408c09781f2c5cf978b0f18db1cc Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Fri, 17 Jun 2022 18:34:28 +0200
Subject: [PATCH] Update samba-dcerpcd policy for kerberos usage

Resolves: rhbz#2096825
---
 policy/modules/contrib/samba.te | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/policy/modules/contrib/samba.te b/policy/modules/contrib/samba.te
index 99cb452f7b..7087c37e7a 100644
--- a/policy/modules/contrib/samba.te
+++ b/policy/modules/contrib/samba.te
@@ -1179,6 +1179,7 @@ files_pid_filetrans(winbind_rpcd_t, winbind_rpcd_var_run_t, { dir file })
 
 # access to files of other samba domains
 manage_dirs_pattern(winbind_rpcd_t, smbd_var_run_t, smbd_var_run_t)
+read_files_pattern(winbind_rpcd_t, smbd_var_run_t, smbd_var_run_t)
 manage_sock_files_pattern(winbind_rpcd_t, smbd_var_run_t, smbd_var_run_t)
 
 manage_dirs_pattern(winbind_rpcd_t, samba_log_t, samba_log_t)
@@ -1201,6 +1202,22 @@ optional_policy(`
 	dbus_system_bus_client(winbind_rpcd_t)
 ')
 
+optional_policy(`
+	dirsrv_stream_connect(winbind_rpcd_t)
+')
+
+optional_policy(`
+	kerberos_use(winbind_rpcd_t)
+')
+
+optional_policy(`
+	logging_send_syslog_msg(winbind_rpcd_t)
+')
+
+optional_policy(`
+	sysnet_read_config(winbind_rpcd_t)
+')
+
 # interactions with smbd_t/winbind_t
 allow smbd_t winbind_rpcd_t:unix_stream_socket connectto;
 allow winbind_t winbind_rpcd_t:unix_stream_socket connectto;