From 6ce5571eb1bd7d4c76bd5750058223a12622121a Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Wed, 23 Nov 2011 13:23:16 -0500
Subject: [PATCH] winbind needs to be able to talk to ldap directly, not
 through sssd

---
 policy/modules/services/samba.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/policy/modules/services/samba.te b/policy/modules/services/samba.te
index d893f992..bac0112b 100644
--- a/policy/modules/services/samba.te
+++ b/policy/modules/services/samba.te
@@ -875,10 +875,14 @@ domain_use_interactive_fds(winbind_t)
 
 files_read_etc_files(winbind_t)
 files_read_usr_symlinks(winbind_t)
+files_list_var_lib(winbind_t)
 
 logging_send_syslog_msg(winbind_t)
 
 miscfiles_read_localization(winbind_t)
+miscfiles_read_generic_certs(winbind_t)
+
+sysnet_use_ldap(winbind_t)
 
 userdom_dontaudit_use_unpriv_user_fds(winbind_t)
 userdom_manage_user_home_content_dirs(winbind_t)
-- 
2.39.5