#
# smbd Local policy
#
-allow smbd_t self:capability { chown fowner kill setgid setuid sys_nice sys_admin sys_resource lease dac_override dac_read_search };
+allow smbd_t self:capability { chown fowner kill setgid setuid sys_chroot sys_nice sys_admin sys_resource lease dac_override dac_read_search };
dontaudit smbd_t self:capability sys_tty_config;
allow smbd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow smbd_t self:process setrlimit;