On Mon, 2008-07-28 at 12:00 -0400, Mike Edenfield wrote: > +tunable_policy(`samba_create_home_dirs',` > + ifdef(`distro_redhat', ` > + refpolicywarn(`Use of samba_create_home_dirs is discouraged. Please use pam_oddjob_mkhomedir instead.') > + ', ` > + unprivuser_create_home_dirs(smbd_t) > + allow smbd_t self:capability chown; > + ') > +') I don't think this has the effect that you're trying to get. The ifdef is resolved during build time, and the tunable is resolved at runtime. So the warning message won't do any good for most redhat users (and it leaves them with a noop samba_create_home_dirs tunable). > +interface(`unprivuser_create_home_dirs',` > + unprivuser_home_filetrans_home_dir($1) > + unprivuser_manage_home_dirs($1) > +') "Create" just means directory create, but you have the full manage permission set, in addition to a filetrans. -- Chris PeBenito <pebenito@xxxxxxxxxx> Developer, Hardened Gentoo Linux Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243
Attachment:
signature.asc
Description: This is a digitally signed message part
