Christopher J. PeBenito wrote:
> On Fri, 2008-07-18 at 13:42 -0400, Daniel J Walsh wrote:
>> Mike Edenfield wrote:
>>> I apologize if I'm not doing this right, I'm kinda new at this...
>>>
>>> I have made some changes to the SELinux policy for our intranet servers
>>> that I thought might be useful to a broader audience. Included below is
>>> a patch to the latest refpolicy. This has been tested on the Gentoo
>>> systems we have here; I don't have easy access to other SELinux systems
>>> at the moment. It does the following:
>>> [...]
>>> * Adds a tunable that lets samba create home directories via pam_mkhomedir
>>
>> Could you do this with pam_oddjob_mkhomedir without having to add the
>> privs? I think this is a better solution.
>
> What if you don't have oddjob? It doesn't hurt to have the perms in a
> tunable. It could be put in an ifndef distro_redhat, if samba in
> fedora/rh requires pam_oddjob_mkhomedir.

If this is the preferable way for RH users to set up samba, would this
be an appropriate solution?

tunable_policy(`samba_create_home_dirs',`
	ifdef(`distro_redhat', `
		refpolicywarn(`Use of samba_create_home_dirs is discouraged.
Please use pam_oddjob_mkhomedir instead.')
	', `
		unprivuser_create_home_dirs(smbd_t)
		allow smbd_t self:capability chown;
	')
')