diff --git a/Changelog b/Changelog index 1f849e2..9587cd9 100644 --- a/Changelog +++ b/Changelog @@ -1,3 +1,5 @@ +- Fix winbind socket connection interface for default location of the + sock_file. - Add wireshark module based on ethereal module. - Revise upstart support in init module to use a tunable, as upstart is now used in Fedora too. diff --git a/policy/modules/services/samba.if b/policy/modules/services/samba.if index 51543ca..9495ac0 100644 --- a/policy/modules/services/samba.if +++ b/policy/modules/services/samba.if @@ -484,11 +484,22 @@ interface(`samba_read_winbind_pid',` ## # interface(`samba_stream_connect_winbind',` - gen_require(` - type samba_var_t, winbind_t, winbind_var_run_t; + ifdef(`distro_redhat',` + gen_require(` + type samba_var_t, winbind_t, winbind_var_run_t; + ') + + files_search_pids($1) + allow $1 samba_var_t:dir search_dir_perms; + stream_connect_pattern($1,winbind_var_run_t,winbind_var_run_t,winbind_t) + ',` + gen_require(` + type winbind_t, winbind_tmp_t; + ') + + # the default for the socket is (poorly named): + # /tmp/.winbindd/pipe + files_search_tmp($1) + stream_connect_pattern($1,winbind_tmp_t,winbind_tmp_t,winbind_t) ') - - files_search_pids($1) - allow $1 samba_var_t:dir search_dir_perms; - stream_connect_pattern($1,winbind_var_run_t,winbind_var_run_t,winbind_t) ') diff --git a/policy/modules/services/samba.te b/policy/modules/services/samba.te index a218d5e..3869cc3 100644 --- a/policy/modules/services/samba.te +++ b/policy/modules/services/samba.te @@ -1,5 +1,5 @@ -policy_module(samba,1.7.1) +policy_module(samba,1.7.2) ################################# #