On Mon, 2008-02-04 at 16:05 +0100, Stefan Schulze Frielinghaus wrote:
> On Mon, 2008-02-04 at 09:03 -0500, Daniel J Walsh wrote:
> > Stefan Schulze Frielinghaus wrote:
> > > On Debian machines smbd needs append rights for samba logfiles.
> > >
> > In Fedora smbd_t needs manage_files_pattern on smbd_log_t. Our
> samba
> > developers informed me that this is ok, since these are not security
> > relevent log files.
> OK than we can easily substitute create_files_pattern with
> manage_files_pattern. Attached patch should do that.
Merged.
>
>
>
>
>
> differences
> between files
> attachment
> (samba.te.patch)
>
> --- /usr/src/refpolicy-20071214/policy/modules/services/samba.te 2007-12-14 15:23:18.000000000 +0100
> +++ policy/modules/services/samba.te 2008-02-04 15:59:56.000000000
> +0100
> @@ -222,7 +222,7 @@
> allow smbd_t samba_etc_t:file { rw_file_perms setattr };
>
> create_dirs_pattern(smbd_t,samba_log_t,samba_log_t)
> -create_files_pattern(smbd_t,samba_log_t,samba_log_t)
> +manage_files_pattern(smbd_t,samba_log_t,samba_log_t)
> allow smbd_t samba_log_t:dir setattr;
> dontaudit smbd_t samba_log_t:dir remove_name;
>
>
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
