commit: f5c9fba7feac9bd937bf9de3783b2717fd145f50
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Thu Jan 28 16:39:34 2021 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Feb 1 01:21:42 2021 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=f5c9fba7
samba: Add missing userspace class requirements in unit interfaces.
Signed-off-by: Chris PeBenito <pebenito <AT> ieee.org>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/modules/services/samba.if | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/policy/modules/services/samba.if b/policy/modules/services/samba.if
index 6af30d0c..92eab06d 100644
--- a/policy/modules/services/samba.if
+++ b/policy/modules/services/samba.if
@@ -341,6 +341,7 @@ interface(`samba_read_share_files',`
interface(`samba_start',`
gen_require(`
type samba_unit_t;
+ class service start;
')
allow $1 samba_unit_t:file getattr;
@@ -360,6 +361,7 @@ interface(`samba_start',`
interface(`samba_stop',`
gen_require(`
type samba_unit_t;
+ class service stop;
')
allow $1 samba_unit_t:file getattr;
@@ -379,6 +381,7 @@ interface(`samba_stop',`
interface(`samba_status',`
gen_require(`
type samba_unit_t;
+ class service status;
')
allow $1 samba_unit_t:file getattr;
@@ -398,6 +401,7 @@ interface(`samba_status',`
interface(`samba_reload',`
gen_require(`
type samba_unit_t;
+ class service reload;
')
allow $1 samba_unit_t:file getattr;
