Allow smbcontrol_t to signal itself

author Dan Walsh <dwalsh@redhat.com>

Fri, 11 Nov 2011 04:43:54 +0000 (23:43 -0500)

committer Dan Walsh <dwalsh@redhat.com>

Fri, 11 Nov 2011 04:43:54 +0000 (23:43 -0500)
author Dan Walsh <dwalsh@redhat.com>
Fri, 11 Nov 2011 04:43:54 +0000 (23:43 -0500)
committer Dan Walsh <dwalsh@redhat.com>
Fri, 11 Nov 2011 04:43:54 +0000 (23:43 -0500)
diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te

index 383ed20eaf1f86592fd9f8bb2198c6ae1bd1687f..f0e8a6c3353c5ce4e472dc9986b4b064500de90a 100644 (file)
--- a/policy/modules/roles/unconfineduser.te
+++ b/policy/modules/roles/unconfineduser.te
@@ -359,7 +359,6 @@ optional_policy(`
         ')
  
         samba_role_notrans(unconfined_r)
-#      samba_run_winbind_helper(unconfined_t, unconfined_r)
         samba_run_smbcontrol(unconfined_t, unconfined_r)
  ')
  
diff --git a/policy/modules/services/samba.te b/policy/modules/services/samba.te

index 9010ac2e8b52a8f3eb5b9593634f42d446c6944e..fc4c97af312f94cb8875d10b808438a1d0068f15 100644 (file)
--- a/policy/modules/services/samba.te
+++ b/policy/modules/services/samba.te
@@ -563,6 +563,7 @@ optional_policy(`
  # internal communication is often done using fifo and unix sockets.
  allow smbcontrol_t self:fifo_file rw_file_perms;
  allow smbcontrol_t self:unix_stream_socket create_stream_socket_perms;
+allow smbcontrol_t self:process { signal signull };
  
  allow smbcontrol_t nmbd_t:process { signal signull };
  read_files_pattern(smbcontrol_t, nmbd_var_run_t, nmbd_var_run_t)
author	Dan Walsh <dwalsh@redhat.com>
	Fri, 11 Nov 2011 04:43:54 +0000 (23:43 -0500)
committer	Dan Walsh <dwalsh@redhat.com>
	Fri, 11 Nov 2011 04:43:54 +0000 (23:43 -0500)
policy/modules/roles/unconfineduser.te		patch \| blob \| blame \| history
policy/modules/services/samba.te		patch \| blob \| blame \| history