On Fri, 2008-07-18 at 13:31 -0400, Mike Edenfield wrote: > Christopher J. PeBenito wrote: > > On Mon, 2008-07-14 at 16:31 -0400, Mike Edenfield wrote: > > >> +tunable_policy(`samba_create_home_dirs',` > >> + unprivuser_home_filetrans_home_dir(smbd_t) > >> + unprivuser_manage_home_dirs(smbd_t) > > > > I think we want this to be unprivuser_create_home_dirs(), which would > > need to be added. > > That was my first instinct but I didn't see one already present, so I > just copied what I found for oddjob_mkhomedir. > > I'll define a new interface for this -- I assume that's probably a > separate patch? No, its fine to include it in this one. > And I should convert the sysadm role and oddjob type to > use the interface? Sysadm is fine as is, since it already has broad powers for managing users. I'm not sure about the oddjob usage; you'd have to check the programs features to see if it does other things in addition to just creating the dirs. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
