diff --git a/policy-20070501.patch b/policy-20070501.patch index 26cac49..16373fe 100644 --- a/policy-20070501.patch +++ b/policy-20070501.patch @@ -2196,7 +2196,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy # diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.6.4/policy/modules/kernel/kernel.if --- nsaserefpolicy/policy/modules/kernel/kernel.if 2007-05-07 14:51:04.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/kernel/kernel.if 2007-06-18 10:18:55.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/kernel/kernel.if 2007-07-03 12:59:42.000000000 -0400 @@ -333,6 +333,24 @@ ######################################## @@ -6563,7 +6563,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.6.4/policy/modules/services/samba.te --- nsaserefpolicy/policy/modules/services/samba.te 2007-05-07 14:50:57.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/samba.te 2007-06-19 09:03:00.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/samba.te 2007-07-03 11:03:57.000000000 -0400 @@ -28,6 +28,35 @@ ## gen_tunable(samba_share_nfs,false) @@ -6785,7 +6785,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb libs_use_ld_so(swat_t) libs_use_shared_libs(swat_t) -@@ -625,6 +695,8 @@ +@@ -625,19 +695,25 @@ # Winbind local policy # 
@@ -6794,7 +6794,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb dontaudit winbind_t self:capability sys_tty_config; allow winbind_t self:process signal_perms; allow winbind_t self:fifo_file { read write }; -@@ -634,10 +706,15 @@ + allow winbind_t self:unix_dgram_socket create_socket_perms; + allow winbind_t self:unix_stream_socket create_stream_socket_perms; +-allow winbind_t self:netlink_route_socket r_netlink_socket_perms; allow winbind_t self:tcp_socket create_stream_socket_perms; allow winbind_t self:udp_socket create_socket_perms; @@ -6810,7 +6812,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb manage_files_pattern(winbind_t,samba_etc_t,samba_secrets_t) filetrans_pattern(winbind_t,samba_etc_t,samba_secrets_t,file) -@@ -645,6 +722,8 @@ +@@ -645,6 +721,8 @@ manage_files_pattern(winbind_t,samba_log_t,samba_log_t) manage_lnk_files_pattern(winbind_t,samba_log_t,samba_log_t) 
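Review bot: The winbind_t policy now relies on a single `auth_use_nsswitch(winbind_t)` call (added in the next hunk, inner `@@ -682,7 +760,9 @@`) to stand in for four explicit grants the patch drops: the `netlink_route_socket` rule removed here, plus `sysnet_read_config`, `sysnet_dns_name_resolve` and the optional `nscd_socket_use` block removed further down. The interface's definition is not visible in this diff, so it cannot be confirmed from here that it covers all four, or how much it grants beyond them. Because winbind_t also manages `samba_secrets_t` and can transition to the chk_passwd/upd_passwd helpers, the interface body should be checked for broader name-service access before merging. If the consolidation is intended, a comment next to the call would record it, e.g. `# auth_use_nsswitch replaces the explicit netlink_route, sysnet and nscd rules`. After loading the policy, AVC denials for winbind_t would show whether any dropped permission is still needed.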
@@ -6819,15 +6821,38 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb manage_files_pattern(winbind_t,samba_var_t,samba_var_t) manage_lnk_files_pattern(winbind_t,samba_var_t,samba_var_t) -@@ -683,6 +762,7 @@ +@@ -682,7 +760,9 @@ + fs_getattr_all_fs(winbind_t) fs_search_auto_mountpoints(winbind_t) ++auth_use_nsswitch(winbind_t) auth_domtrans_chk_passwd(winbind_t) +auth_domtrans_upd_passwd(winbind_t) domain_use_interactive_fds(winbind_t) -@@ -736,6 +816,7 @@ +@@ -695,9 +775,6 @@ + + miscfiles_read_localization(winbind_t) + +-sysnet_read_config(winbind_t) +-sysnet_dns_name_resolve(winbind_t) +- + userdom_dontaudit_use_unpriv_user_fds(winbind_t) + userdom_dontaudit_search_sysadm_home_dirs(winbind_t) + userdom_priveleged_home_dir_manager(winbind_t) +@@ -713,10 +790,6 @@ + ') + + optional_policy(` +- nscd_socket_use(winbind_t) +-') +- +-optional_policy(` + seutil_sigchld_newrole(winbind_t) + ') + +@@ -736,6 +809,7 @@ read_files_pattern(winbind_helper_t,samba_etc_t,samba_etc_t) read_lnk_files_pattern(winbind_helper_t,samba_etc_t,samba_etc_t) @@ -6835,7 +6860,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb allow winbind_helper_t samba_var_t:dir search; stream_connect_pattern(winbind_helper_t,winbind_var_run_t,winbind_var_run_t,winbind_t) -@@ -764,3 +845,23 @@ +@@ -764,3 +838,23 @@ squid_read_log(winbind_helper_t) squid_append_log(winbind_helper_t) ')