[people/stevee/selinux-policy.git] / policy / modules / services / samba.if
## <summary>
##	SMB and CIFS client/server programs for UNIX and
##	Name Service Switch daemon for resolving names
##	from Windows NT servers.
## </summary>
84c92239 6
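########################################
## <summary>
##	Execute nmbd in the nmbd_t domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`samba_domtrans_nmbd',`
	gen_require(`
		type nmbd_t, nmbd_exec_t;
	')

	# Search access on the bin directories, then the transition itself:
	# executing a file labeled nmbd_exec_t moves the caller into nmbd_t.
	corecmd_search_bin($1)
	domtrans_pattern($1, nmbd_exec_t, nmbd_t)
')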
25
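#######################################
## <summary>
##	Send generic signals to nmbd.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`samba_signal_nmbd',`
	gen_require(`
		type nmbd_t;
	')

	# Only the "signal" permission is granted; sigkill, sigstop and
	# signull are separate process permissions and are not included.
	allow $1 nmbd_t:process signal;
')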
42
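########################################
## <summary>
##	Execute the samba init script
##	(samba_initrc_exec_t) with a domain transition.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`samba_initrc_domtrans',`
	gen_require(`
		type samba_initrc_exec_t;
	')

	# The target domain is chosen by init_labeled_script_domtrans, not
	# by this module; no samba daemon type is named here.
	init_labeled_script_domtrans($1, samba_initrc_exec_t)
')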
60
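########################################
## <summary>
##	Execute systemctl and control the
##	samba systemd unit.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`samba_systemctl',`
	gen_require(`
		type samba_unit_file_t;
		type smbd_t;
	')

	systemd_exec_systemctl($1)

	# Read the unit file and hold every permission in the "service"
	# class on it. all_service_perms is the complete set, so a caller
	# of this interface can fully control the samba service.
	allow $1 samba_unit_file_t:file read_file_perms;
	allow $1 samba_unit_file_t:service all_service_perms;

	# Let the caller see smbd processes (ps-style process inspection).
	ps_process_pattern($1, smbd_t)
')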
83
84c92239
CP
84########################################
85## <summary>
86## Execute samba net in the samba_net domain.
87## </summary>
88## <param name="domain">
885b83ec 89## <summary>
288845a6 90## Domain allowed to transition.
885b83ec 91## </summary>
84c92239
CP
92## </param>
93#
94interface(`samba_domtrans_net',`
95 gen_require(`
96 type samba_net_t, samba_net_exec_t;
84c92239
CP
97 ')
98
99 corecmd_search_bin($1)
0bfccda4 100 domtrans_pattern($1, samba_net_exec_t, samba_net_t)
84c92239
CP
101')
102
3eaa9939
DW
103########################################
104## <summary>
105## Execute samba net in the samba_unconfined_net domain.
106## </summary>
107## <param name="domain">
108## <summary>
61234647 109## Domain allowed to transition.
3eaa9939
DW
110## </summary>
111## </param>
112#
113interface(`samba_domtrans_unconfined_net',`
114 gen_require(`
115 type samba_unconfined_net_t, samba_net_exec_t;
116 ')
117
118 corecmd_search_bin($1)
119 domtrans_pattern($1, samba_net_exec_t, samba_unconfined_net_t)
120')
121
84c92239
CP
122########################################
123## <summary>
124## Execute samba net in the samba_net domain, and
125## allow the specified role the samba_net domain.
126## </summary>
127## <param name="domain">
885b83ec 128## <summary>
288845a6 129## Domain allowed to transition.
885b83ec 130## </summary>
84c92239
CP
131## </param>
132## <param name="role">
885b83ec 133## <summary>
a7ee7f81 134## Role allowed access.
885b83ec 135## </summary>
84c92239 136## </param>
bbcd3c97 137## <rolecap/>
84c92239
CP
138#
139interface(`samba_run_net',`
140 gen_require(`
141 type samba_net_t;
84c92239
CP
142 ')
143
144 samba_domtrans_net($1)
145 role $2 types samba_net_t;
84c92239
CP
146')
147
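#######################################
## <summary>
##	Allow the specified role the smbd_t domain,
##	without granting any domain transition.
## </summary>
## <param name="role">
##	<summary>
##	The role to be allowed the smbd_t domain.
##	</summary>
## </param>
## <rolecap/>
#
interface(`samba_role_notrans',`
	gen_require(`
		type smbd_t;
	')

	# Role authorization only: no domtrans rule is added, so this does
	# not by itself give any domain a way into smbd_t.
	role $1 types smbd_t;
')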
166
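########################################
## <summary>
##	Execute samba net in the samba_unconfined_net domain, and
##	allow the specified role the samba_unconfined_net domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed the samba_unconfined_net domain.
##	</summary>
## </param>
## <rolecap/>
#
interface(`samba_run_unconfined_net',`
	gen_require(`
		type samba_unconfined_net_t;
	')

	# NOTE(review): going by its name, samba_unconfined_net_t is an
	# unconfined domain; confirm in the module's .te file before
	# authorizing a role for it, since the role then inherits whatever
	# that domain is allowed.
	samba_domtrans_unconfined_net($1)
	role $2 types samba_unconfined_net_t;
')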
192
84c92239
CP
193########################################
194## <summary>
195## Execute smbmount in the smbmount domain.
196## </summary>
197## <param name="domain">
885b83ec 198## <summary>
288845a6 199## Domain allowed to transition.
885b83ec 200## </summary>
84c92239
CP
201## </param>
202#
203interface(`samba_domtrans_smbmount',`
204 gen_require(`
205 type smbmount_t, smbmount_exec_t;
84c92239
CP
206 ')
207
208 corecmd_search_bin($1)
0bfccda4 209 domtrans_pattern($1, smbmount_exec_t, smbmount_t)
84c92239
CP
210')
211
350b6ab7
CP
212########################################
213## <summary>
214## Execute smbmount interactively and do
215## a domain transition to the smbmount domain.
216## </summary>
217## <param name="domain">
218## <summary>
288845a6 219## Domain allowed to transition.
350b6ab7
CP
220## </summary>
221## </param>
222## <param name="role">
223## <summary>
a7ee7f81 224## Role allowed access.
350b6ab7
CP
225## </summary>
226## </param>
350b6ab7
CP
227## <rolecap/>
228#
229interface(`samba_run_smbmount',`
230 gen_require(`
231 type smbmount_t;
232 ')
233
234 samba_domtrans_smbmount($1)
235 role $2 types smbmount_t;
350b6ab7
CP
236')
237
84c92239
CP
238########################################
239## <summary>
240## Allow the specified domain to read
241## samba configuration files.
242## </summary>
243## <param name="domain">
885b83ec 244## <summary>
84c92239 245## Domain allowed access.
885b83ec 246## </summary>
84c92239 247## </param>
bbcd3c97 248## <rolecap/>
84c92239
CP
249#
250interface(`samba_read_config',`
251 gen_require(`
252 type samba_etc_t;
84c92239
CP
253 ')
254
255 files_search_etc($1)
0bfccda4 256 read_files_pattern($1, samba_etc_t, samba_etc_t)
84c92239
CP
257')
258
259########################################
260## <summary>
261## Allow the specified domain to read
262## and write samba configuration files.
263## </summary>
264## <param name="domain">
885b83ec 265## <summary>
84c92239 266## Domain allowed access.
885b83ec 267## </summary>
84c92239 268## </param>
bbcd3c97 269## <rolecap/>
84c92239
CP
270#
271interface(`samba_rw_config',`
272 gen_require(`
273 type samba_etc_t;
84c92239
CP
274 ')
275
276 files_search_etc($1)
0bfccda4 277 rw_files_pattern($1, samba_etc_t, samba_etc_t)
84c92239
CP
278')
279
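########################################
## <summary>
##	Allow the specified domain to create, read,
##	write, and delete samba configuration
##	directories and files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`samba_manage_config',`
	gen_require(`
		type samba_etc_t;
	')

	files_search_etc($1)

	# Broader than samba_rw_config: the manage_* patterns also cover
	# creating and removing entries, for directories as well as files.
	manage_dirs_pattern($1, samba_etc_t, samba_etc_t)
	manage_files_pattern($1, samba_etc_t, samba_etc_t)
')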
301
84c92239
CP
302########################################
303## <summary>
304## Allow the specified domain to read samba's log files.
305## </summary>
306## <param name="domain">
885b83ec 307## <summary>
84c92239 308## Domain allowed access.
885b83ec 309## </summary>
84c92239 310## </param>
bbcd3c97 311## <rolecap/>
84c92239
CP
312#
313interface(`samba_read_log',`
314 gen_require(`
315 type samba_log_t;
84c92239
CP
316 ')
317
318 logging_search_logs($1)
c0868a7a 319 allow $1 samba_log_t:dir list_dir_perms;
0bfccda4 320 read_files_pattern($1, samba_log_t, samba_log_t)
84c92239
CP
321')
322
40df5677
CP
323########################################
324## <summary>
325## Allow the specified domain to append to samba's log files.
326## </summary>
327## <param name="domain">
328## <summary>
329## Domain allowed access.
330## </summary>
331## </param>
332## <rolecap/>
333#
334interface(`samba_append_log',`
335 gen_require(`
336 type samba_log_t;
337 ')
338
339 logging_search_logs($1)
340 allow $1 samba_log_t:dir list_dir_perms;
341 allow $1 samba_log_t:file append_file_perms;
342')
343
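########################################
## <summary>
##	Execute files labeled samba_log_t in the
##	caller domain, without a domain transition.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`samba_exec_log',`
	gen_require(`
		type samba_log_t;
	')

	logging_search_logs($1)

	# NOTE(review): samba_log_t is the type that samba_read_log and
	# samba_append_log in this file treat as log data. Granting execute
	# on it is unusual: whatever can write samba_log_t content then
	# influences what runs in the caller's own domain. Confirm each
	# caller needs this before using the interface.
	can_exec($1, samba_log_t)
')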
362
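########################################
## <summary>
##	Allow the specified domain to read samba's secrets.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`samba_read_secrets',`
	gen_require(`
		type samba_secrets_t;
	')

	files_search_etc($1)

	# Read-only access to files of type samba_secrets_t; no write or
	# directory permissions on that type are granted here.
	# NOTE(review): samba_secrets_t presumably labels samba's credential
	# stores (check the module's file contexts). Keep the list of
	# callers short and review each new one.
	allow $1 samba_secrets_t:file read_file_perms;
')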
381
0c89174f
CP
382########################################
383## <summary>
384## Allow the specified domain to read samba's shares
385## </summary>
386## <param name="domain">
387## <summary>
388## Domain allowed access.
389## </summary>
390## </param>
391#
392interface(`samba_read_share_files',`
393 gen_require(`
394 type samba_share_t;
395 ')
396
397 allow $1 samba_share_t:filesystem getattr;
398 read_files_pattern($1, samba_share_t, samba_share_t)
399')
400
725926c5
CP
401########################################
402## <summary>
403## Allow the specified domain to search
404## samba /var directories.
405## </summary>
406## <param name="domain">
885b83ec 407## <summary>
725926c5 408## Domain allowed access.
885b83ec 409## </summary>
725926c5
CP
410## </param>
411#
412interface(`samba_search_var',`
413 gen_require(`
414 type samba_var_t;
415 ')
416
40df5677 417 files_search_var_lib($1)
725926c5
CP
418 allow $1 samba_var_t:dir search_dir_perms;
419')
420
40df5677
CP
421########################################
422## <summary>
423## Allow the specified domain to
424## read samba /var files.
425## </summary>
426## <param name="domain">
427## <summary>
428## Domain allowed access.
429## </summary>
430## </param>
431#
432interface(`samba_read_var_files',`
433 gen_require(`
434 type samba_var_t;
435 ')
436
40df5677 437 files_search_var_lib($1)
0bfccda4 438 read_files_pattern($1, samba_var_t, samba_var_t)
40df5677
CP
439')
440
0c89174f
CP
441########################################
442## <summary>
443## Do not audit attempts to write samba
444## /var files.
445## </summary>
446## <param name="domain">
447## <summary>
288845a6 448## Domain to not audit.
0c89174f
CP
449## </summary>
450## </param>
451#
452interface(`samba_dontaudit_write_var_files',`
453 gen_require(`
454 type samba_var_t;
455 ')
456
457 dontaudit $1 samba_var_t:file write;
458')
459
9fd4b818
CP
460########################################
461## <summary>
462## Allow the specified domain to
463## read and write samba /var files.
464## </summary>
465## <param name="domain">
885b83ec 466## <summary>
9fd4b818 467## Domain allowed access.
885b83ec 468## </summary>
9fd4b818
CP
469## </param>
470#
471interface(`samba_rw_var_files',`
472 gen_require(`
473 type samba_var_t;
474 ')
475
40df5677 476 files_search_var_lib($1)
0bfccda4 477 rw_files_pattern($1, samba_var_t, samba_var_t)
9fd4b818
CP
478')
479
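########################################
## <summary>
##	Allow the specified domain to create, read,
##	write, and delete samba /var files and
##	symbolic links.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`samba_manage_var_files',`
	gen_require(`
		type samba_var_t;
	')

	files_search_var_lib($1)

	# Broader than samba_rw_var_files: the manage_* patterns include
	# create and delete, and symbolic links are covered as well.
	manage_files_pattern($1, samba_var_t, samba_var_t)
	manage_lnk_files_pattern($1, samba_var_t, samba_var_t)
')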
500
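########################################
## <summary>
##	Execute a domain transition to run smbcontrol.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`samba_domtrans_smbcontrol',`
	gen_require(`
		type smbcontrol_t, smbcontrol_exec_t;
	')

	# NOTE(review): unlike samba_domtrans_nmbd, samba_domtrans_smbd and
	# samba_domtrans_net in this file, there is no corecmd_search_bin($1)
	# here. Callers presumably get bin search access elsewhere; confirm,
	# or add the call for consistency.
	domtrans_pattern($1, smbcontrol_exec_t, smbcontrol_t)
')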
518
519########################################
520## <summary>
521## Execute smbcontrol in the smbcontrol domain, and
522## allow the specified role the smbcontrol domain.
523## </summary>
524## <param name="domain">
525## <summary>
288845a6 526## Domain allowed to transition.
0c89174f
CP
527## </summary>
528## </param>
529## <param name="role">
530## <summary>
a7ee7f81 531## Role allowed access.
0c89174f
CP
532## </summary>
533## </param>
534#
535interface(`samba_run_smbcontrol',`
536 gen_require(`
537 type smbcontrol_t;
538 ')
539
540 samba_domtrans_smbcontrol($1)
541 role $2 types smbcontrol_t;
542')
543
544########################################
545## <summary>
546## Execute smbd in the smbd_t domain.
547## </summary>
548## <param name="domain">
549## <summary>
288845a6 550## Domain allowed to transition.
0c89174f
CP
551## </summary>
552## </param>
553#
554interface(`samba_domtrans_smbd',`
555 gen_require(`
556 type smbd_t, smbd_exec_t;
557 ')
558
559 corecmd_search_bin($1)
560 domtrans_pattern($1, smbd_exec_t, smbd_t)
561')
562
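######################################
## <summary>
##	Send generic signals to smbd.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`samba_signal_smbd',`
	gen_require(`
		type smbd_t;
	')

	# Only the "signal" permission is granted; sigkill, sigstop and
	# signull are separate process permissions and are not included.
	allow $1 smbd_t:process signal;
')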
579
40df5677
CP
580########################################
581## <summary>
582## Do not audit attempts to use file descriptors from samba.
583## </summary>
584## <param name="domain">
585## <summary>
586## Domain to not audit.
587## </summary>
588## </param>
589#
590interface(`samba_dontaudit_use_fds',`
591 gen_require(`
592 type smbd_t;
593 ')
594
595 dontaudit $1 smbd_t:fd use;
596')
597
84c92239
CP
598########################################
599## <summary>
600## Allow the specified domain to write to smbmount tcp sockets.
601## </summary>
602## <param name="domain">
885b83ec 603## <summary>
84c92239 604## Domain allowed access.
885b83ec 605## </summary>
84c92239
CP
606## </param>
607#
1815bad1 608interface(`samba_write_smbmount_tcp_sockets',`
84c92239
CP
609 gen_require(`
610 type smbmount_t;
84c92239
CP
611 ')
612
613 allow $1 smbmount_t:tcp_socket write;
614')
615
616########################################
617## <summary>
618## Allow the specified domain to read and write to smbmount tcp sockets.
619## </summary>
620## <param name="domain">
885b83ec 621## <summary>
84c92239 622## Domain allowed access.
885b83ec 623## </summary>
84c92239
CP
624## </param>
625#
1815bad1 626interface(`samba_rw_smbmount_tcp_sockets',`
84c92239
CP
627 gen_require(`
628 type smbmount_t;
84c92239
CP
629 ')
630
631 allow $1 smbmount_t:tcp_socket { read write };
632')
79cde317
CP
633
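########################################
## <summary>
##	Execute winbind_helper in the winbind_helper
##	domain, and allow the caller to signal it.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`samba_domtrans_winbind_helper',`
	gen_require(`
		type winbind_helper_t, winbind_helper_exec_t;
	')

	domtrans_pattern($1, winbind_helper_exec_t, winbind_helper_t)

	# Beyond the transition, the caller may send the generic "signal"
	# permission to the helper it started.
	allow $1 winbind_helper_t:process signal;
')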
652
653########################################
654## <summary>
655## Execute winbind_helper in the winbind_helper domain, and
656## allow the specified role the winbind_helper domain.
657## </summary>
658## <param name="domain">
885b83ec 659## <summary>
288845a6 660## Domain allowed to transition.
885b83ec 661## </summary>
79cde317
CP
662## </param>
663## <param name="role">
885b83ec 664## <summary>
a7ee7f81 665## Role allowed access.
885b83ec 666## </summary>
79cde317 667## </param>
bbcd3c97 668## <rolecap/>
79cde317
CP
669#
670interface(`samba_run_winbind_helper',`
671 gen_require(`
672 type winbind_helper_t;
673 ')
674
675 samba_domtrans_winbind_helper($1)
676 role $2 types winbind_helper_t;
79cde317
CP
677')
678
679########################################
680## <summary>
681## Allow the specified domain to read the winbind pid files.
682## </summary>
683## <param name="domain">
885b83ec 684## <summary>
79cde317 685## Domain allowed access.
885b83ec 686## </summary>
79cde317
CP
687## </param>
688#
689interface(`samba_read_winbind_pid',`
690 gen_require(`
691 type winbind_var_run_t;
692 ')
693
694 files_search_pids($1)
c0868a7a 695 allow $1 winbind_var_run_t:file read_file_perms;
79cde317
CP
696')
697
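########################################
## <summary>
##	Connect to winbind over its
##	unix stream socket.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`samba_stream_connect_winbind',`
	gen_require(`
		type samba_var_t, winbind_t, winbind_var_run_t;
	')

	# Socket labeled winbind_var_run_t: search the pid directories and
	# the samba_var_t directory, then connect to winbind_t.
	files_search_pids($1)
	allow $1 samba_var_t:dir search_dir_perms;
	stream_connect_pattern($1, winbind_var_run_t, winbind_var_run_t, winbind_t)

	# Compiled in only when distro_redhat is NOT defined: the socket may
	# then live under /tmp, so access via winbind_tmp_t is added too.
	ifndef(`distro_redhat',`
		gen_require(`
			type winbind_tmp_t;
		')

		# the default for the socket is (poorly named):
		# /tmp/.winbindd/pipe
		files_search_tmp($1)
		stream_connect_pattern($1, winbind_tmp_t, winbind_tmp_t, winbind_t)
	')
')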
0c89174f 728
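########################################
## <summary>
##	Create a set of derived types for
##	samba helper scripts.
## </summary>
## <param name="prefix">
##	<summary>
##	The prefix to be used for deriving type names.
##	</summary>
## </param>
#
template(`samba_helper_template',`
	gen_require(`
		type smbd_t;
		role system_r;
	')

	#This type is for samba helper scripts
	type samba_$1_script_t;
	domain_type(samba_$1_script_t)
	role system_r types samba_$1_script_t;

	# This type is used for executable scripts files
	type samba_$1_script_exec_t;
	corecmd_shell_entry_type(samba_$1_script_t)
	domain_entry_file(samba_$1_script_t, samba_$1_script_exec_t)

	# smbd_t is the only domain given a transition into the helper
	# domain here: executing a samba_$1_script_exec_t file from smbd_t
	# runs it in samba_$1_script_t. What the helper may then do is
	# decided by the rules written for samba_$1_script_t elsewhere.
	domtrans_pattern(smbd_t, samba_$1_script_exec_t, samba_$1_script_t)
	allow smbd_t samba_$1_script_exec_t:file ioctl;
')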
759
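########################################
## <summary>
##	All of the rules required to administrate
##	a samba environment.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed to manage the samba domain.
##	</summary>
## </param>
## <rolecap/>
#
interface(`samba_admin',`
	gen_require(`
		type nmbd_t, nmbd_var_run_t, smbd_var_run_t;
		type smbd_t, smbd_tmp_t, samba_secrets_t;
		type samba_initrc_exec_t, samba_log_t, samba_var_t;
		type samba_etc_t, samba_share_t, winbind_log_t;
		type swat_var_run_t, swat_tmp_t, samba_unconfined_script_exec_t;
		type winbind_var_run_t, winbind_tmp_t, samba_unconfined_script_t;
	')

	allow $1 smbd_t:process signal_perms;
	ps_process_pattern($1, smbd_t)

	# The first (true) branch is empty, so ptrace of the samba domains
	# is granted only while the deny_ptrace boolean is off.
	tunable_policy(`deny_ptrace',`',`
		allow $1 smbd_t:process ptrace;
		allow $1 nmbd_t:process ptrace;
		allow $1 samba_unconfined_script_t:process ptrace;
	')

	allow $1 nmbd_t:process signal_perms;
	ps_process_pattern($1, nmbd_t)

	allow $1 samba_unconfined_script_t:process signal_perms;
	ps_process_pattern($1, samba_unconfined_script_t)

	# NOTE(review): a third argument is passed, but the samba_run_*
	# interfaces defined in this file reference only $1 and $2, and this
	# interface documents two parameters. $3 looks like a leftover.
	samba_run_smbcontrol($1, $2, $3)
	samba_run_winbind_helper($1, $2, $3)
	samba_run_smbmount($1, $2, $3)
	samba_run_net($1, $2, $3)

	# Running the samba init script switches role $2 to system_r.
	# NOTE(review): system_r is used here but not listed in this
	# gen_require block, unlike samba_helper_template; confirm it is
	# always in scope for callers.
	init_labeled_script_domtrans($1, samba_initrc_exec_t)
	domain_system_change_exemption($1)
	role_transition $2 samba_initrc_exec_t system_r;
	allow $2 system_r;

	# admin_pattern is applied to every samba-owned file type below.
	# That includes samba_secrets_t, so a domain given samba_admin has
	# administrative access to samba's secrets as well.
	admin_pattern($1, nmbd_var_run_t)

	admin_pattern($1, samba_etc_t)
	files_list_etc($1)

	admin_pattern($1, samba_log_t)
	logging_list_logs($1)

	admin_pattern($1, samba_secrets_t)

	admin_pattern($1, samba_share_t)

	admin_pattern($1, samba_var_t)
	files_list_var($1)

	admin_pattern($1, smbd_var_run_t)
	files_list_pids($1)

	admin_pattern($1, smbd_tmp_t)
	files_list_tmp($1)

	admin_pattern($1, swat_var_run_t)

	admin_pattern($1, swat_tmp_t)

	admin_pattern($1, winbind_log_t)

	admin_pattern($1, winbind_tmp_t)

	admin_pattern($1, winbind_var_run_t)
	admin_pattern($1, samba_unconfined_script_exec_t)

	samba_systemctl($1)
')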