Chris PeBenito 0fbfa5
#DESC winbind - Name  Service  Switch  daemon for resolving names from NT servers
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
# Author: Dan Walsh (dwalsh@redhat.com)
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
#################################
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
# Declarations for winbind
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
Chris PeBenito 2705f9
daemon_domain(winbind, `, privhome, auth_chkpwd, nscd_client_domain')
Chris PeBenito 0fbfa5
log_domain(winbind)
Chris PeBenito 2705f9
tmp_domain(winbind)
Chris PeBenito 0fbfa5
allow winbind_t etc_t:file r_file_perms;
Chris PeBenito 0fbfa5
allow winbind_t etc_t:lnk_file read;
Chris PeBenito 0fbfa5
can_network(winbind_t)
Chris PeBenito 2705f9
allow winbind_t smbd_port_t:tcp_socket name_connect;
Chris PeBenito 2705f9
can_resolve(winbind_t)
Chris PeBenito 2705f9
Chris PeBenito 0fbfa5
ifdef(`samba.te', `', `
Chris PeBenito 0fbfa5
type samba_etc_t, file_type, sysadmfile, usercanread;
Chris PeBenito 0fbfa5
type samba_log_t, file_type, sysadmfile, logfile;
Chris PeBenito 0fbfa5
type samba_var_t, file_type, sysadmfile;
Chris PeBenito 0fbfa5
type samba_secrets_t, file_type, sysadmfile;
Chris PeBenito 0fbfa5
')
Chris PeBenito 2705f9
file_type_auto_trans(winbind_t, samba_etc_t, samba_secrets_t, file)
Chris PeBenito 0fbfa5
rw_dir_create_file(winbind_t, samba_log_t)
Chris PeBenito 0fbfa5
allow winbind_t samba_secrets_t:file rw_file_perms;
Chris PeBenito 0fbfa5
allow winbind_t self:unix_dgram_socket create_socket_perms;
Chris PeBenito 0fbfa5
allow winbind_t self:unix_stream_socket create_stream_socket_perms;
Chris PeBenito 0fbfa5
allow winbind_t urandom_device_t:chr_file { getattr read };
Chris PeBenito 0fbfa5
allow winbind_t self:fifo_file { read write };
Chris PeBenito 0fbfa5
rw_dir_create_file(winbind_t, samba_var_t)
Chris PeBenito 2705f9
can_kerberos(winbind_t)
Chris PeBenito 0fbfa5
allow winbind_t self:netlink_route_socket r_netlink_socket_perms;
Chris PeBenito 0fbfa5
allow winbind_t winbind_var_run_t:sock_file create_file_perms;
Chris PeBenito 2705f9
allow initrc_t winbind_var_run_t:file r_file_perms;
Chris PeBenito 2705f9
Chris PeBenito 2705f9
application_domain(winbind_helper, `, nscd_client_domain')
Chris PeBenito 2705f9
role system_r types winbind_helper_t;
Chris PeBenito 2705f9
access_terminal(winbind_helper_t, sysadm)
Chris PeBenito 2705f9
read_locale(winbind_helper_t) 
Chris PeBenito 2705f9
r_dir_file(winbind_helper_t, samba_etc_t)
Chris PeBenito 2705f9
r_dir_file(winbind_t, samba_etc_t)
Chris PeBenito 2705f9
allow winbind_helper_t self:unix_dgram_socket create_socket_perms;
Chris PeBenito 2705f9
allow winbind_helper_t self:unix_stream_socket create_stream_socket_perms;
Chris PeBenito 77f6e2
allow winbind_helper_t samba_var_t:dir search;
Chris PeBenito 2705f9
allow winbind_helper_t winbind_var_run_t:dir r_dir_perms;
Chris PeBenito 2705f9
can_winbind(winbind_helper_t)
Chris PeBenito 2705f9
allow winbind_helper_t privfd:fd use;