Layer: services

Module: samba


Description:

SMB and CIFS client/server programs for UNIX and Name Service Switch daemon for resolving names from Windows NT servers.


Tunables:

allow_smbd_anon_write
Default value

false

Description

Allow samba to modify public files used for public file transfer services. Files/Directories must be labeled public_content_rw_t.

samba_create_home_dirs
Default value

false

Description

Allow samba to create new home directories (e.g. via PAM).

samba_domain_controller
Default value

false

Description

Allow samba to act as the domain controller, add users, groups and change passwords.

samba_enable_home_dirs
Default value

false

Description

Allow samba to share users' home directories.

samba_export_all_ro
Default value

false

Description

Allow samba to share any file/directory read only.

samba_export_all_rw
Default value

false

Description

Allow samba to share any file/directory read/write.

samba_run_unconfined
Default value

false

Description

Allow samba to run unconfined scripts.

samba_share_fusefs
Default value

false

Description

Allow samba to export ntfs/fusefs volumes.

samba_share_nfs
Default value

false

Description

Allow samba to export NFS volumes.
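
Every tunable above defaults to false, so any that is on is a deliberate widening of what the confined samba domains may do. The following added example (not part of the policy documentation) reads `getsebool -a` style output and reports which of the tunables listed on this page are enabled, with the grant each one makes. The function names and the sample input are constructed for illustration; boolean names are taken from this page and can differ on other policy versions.

```shell
#!/bin/sh
# Added example: report samba tunables that deviate from the documented
# default (false). Function names here are hypothetical helpers.

# Reads lines of the form "name --> on|off" on stdin (getsebool -a format)
# and prints "name: grant" for each enabled tunable documented on this page.
samba_enabled_tunables() {
    awk '
    BEGIN {
        d["allow_smbd_anon_write"]   = "modify public files labeled public_content_rw_t"
        d["samba_create_home_dirs"]  = "create new home directories"
        d["samba_domain_controller"] = "act as domain controller, add users/groups, change passwords"
        d["samba_enable_home_dirs"]  = "share users home directories"
        d["samba_export_all_ro"]     = "share any file/directory read only"
        d["samba_export_all_rw"]     = "share any file/directory read/write"
        d["samba_run_unconfined"]    = "run unconfined scripts"
        d["samba_share_fusefs"]      = "export ntfs/fusefs volumes"
        d["samba_share_nfs"]         = "export NFS volumes"
    }
    # Only the current value (third field) is considered.
    ($1 in d) && $2 == "-->" && $3 == "on" { printf "%s: %s\n", $1, d[$1] }
    ' | sort
}

# Constructed sample input, so the example runs without SELinux tools.
sample_getsebool_output() {
    cat <<'EOF'
httpd_enable_cgi --> on
samba_enable_home_dirs --> on
samba_export_all_ro --> off
samba_export_all_rw --> on
samba_run_unconfined --> off
EOF
}

# On a live host: getsebool -a | samba_enabled_tunables
sample_getsebool_output | samba_enabled_tunables
```

An empty report means the samba domains are running with the default policy restrictions documented above.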


Interfaces:

samba_admin( domain , role )
Summary

All of the rules required to administer a samba environment.

Parameters
Parameter:Description:
domain

Domain allowed access.

role

The role to be allowed to manage the samba domain.

samba_append_log( domain )
Summary

Allow the specified domain to append to samba's log files.

Parameters
Parameter:Description:
domain

Domain allowed access.

samba_domtrans_net( domain )
Summary

Execute samba net in the samba_net domain.

Parameters
Parameter:Description:
domain

The type of the process performing this action.

samba_domtrans_nmb( domain )
Summary

Execute nmbd in the nmbd_t domain.

Parameters
Parameter:Description:
domain

The type of the process performing this action.

samba_domtrans_smb( domain )
Summary

Execute smbd in the smbd_t domain.

Parameters
Parameter:Description:
domain

The type of the process performing this action.

samba_domtrans_smbcontrol( domain )
Summary

Execute a domain transition to run smbcontrol.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

samba_domtrans_smbmount( domain )
Summary

Execute smbmount in the smbmount domain.

Parameters
Parameter:Description:
domain

The type of the process performing this action.

samba_domtrans_unconfined_net( domain )
Summary

Execute samba net in the samba_unconfined_net domain.

Parameters
Parameter:Description:
domain

The type of the process performing this action.

samba_domtrans_winbind_helper( domain )
Summary

Execute winbind_helper in the winbind_helper domain.

Parameters
Parameter:Description:
domain

The type of the process performing this action.

samba_dontaudit_use_fds( domain )
Summary

Do not audit attempts to use file descriptors from samba.

Parameters
Parameter:Description:
domain

Domain to not audit.

samba_dontaudit_write_var_files( domain )
Summary

Do not audit attempts by the specified domain to write samba /var files.

Parameters
Parameter:Description:
domain

Domain allowed access.

samba_exec_log( domain )
Summary

Execute samba log in the caller domain.

Parameters
Parameter:Description:
domain

The type of the process performing this action.

samba_initrc_domtrans( domain )
Summary

Execute samba server in the samba domain.

Parameters
Parameter:Description:
domain

The type of the process performing this action.

samba_manage_config( domain )
Summary

Allow the specified domain to read and write samba configuration files.

Parameters
Parameter:Description:
domain

Domain allowed access.

samba_manage_var_files( domain )
Summary

Allow the specified domain to read and write samba /var files.

Parameters
Parameter:Description:
domain

Domain allowed access.

samba_read_config( domain )
Summary

Allow the specified domain to read samba configuration files.

Parameters
Parameter:Description:
domain

Domain allowed access.

samba_read_log( domain )
Summary

Allow the specified domain to read samba's log files.

Parameters
Parameter:Description:
domain

Domain allowed access.

samba_read_secrets( domain )
Summary

Allow the specified domain to read samba's secrets.

Parameters
Parameter:Description:
domain

Domain allowed access.

samba_read_share_files( domain )
Summary

Allow the specified domain to read samba's shares.

Parameters
Parameter:Description:
domain

Domain allowed access.

samba_read_var_files( domain )
Summary

Allow the specified domain to read samba /var files.

Parameters
Parameter:Description:
domain

Domain allowed access.

samba_read_winbind_pid( domain )
Summary

Allow the specified domain to read the winbind pid files.

Parameters
Parameter:Description:
domain

Domain allowed access.

samba_run_net( domain , role , terminal )
Summary

Execute samba net in the samba_net domain, and allow the specified role the samba_net domain.

Parameters
Parameter:Description:
domain

The type of the process performing this action.

role

The role to be allowed the samba_net domain.

terminal

The type of the terminal the samba_net domain is allowed to use.

samba_run_smbcontrol( domain , role , terminal )
Summary

Execute smbcontrol in the smbcontrol domain, and allow the specified role the smbcontrol domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

role

The role to be allowed the smbcontrol domain.

terminal

The type of the role's terminal.

samba_run_smbmount( domain , role , terminal )
Summary

Execute smbmount interactively and do a domain transition to the smbmount domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

role

The role to be allowed the smbmount domain.

terminal

The type of the terminal the smbmount domain is allowed to use.

samba_run_unconfined_net( domain , role , terminal )
Summary

Execute samba net in the samba_unconfined_net domain, and allow the specified role the samba_unconfined_net domain.

Parameters
Parameter:Description:
domain

The type of the process performing this action.

role

The role to be allowed the samba_unconfined_net domain.

terminal

The type of the terminal the samba_unconfined_net domain is allowed to use.

samba_run_winbind_helper( domain , role , terminal )
Summary

Execute winbind_helper in the winbind_helper domain, and allow the specified role the winbind_helper domain.

Parameters
Parameter:Description:
domain

The type of the process performing this action.

role

The role to be allowed the winbind_helper domain.

terminal

The type of the terminal the winbind_helper domain is allowed to use.

samba_rw_config( domain )
Summary

Allow the specified domain to read and write samba configuration files.

Parameters
Parameter:Description:
domain

Domain allowed access.

samba_rw_smbmount_tcp_sockets( domain )
Summary

Allow the specified domain to read and write to smbmount tcp sockets.

Parameters
Parameter:Description:
domain

Domain allowed access.

samba_rw_var_files( domain )
Summary

Allow the specified domain to read and write samba /var files.

Parameters
Parameter:Description:
domain

Domain allowed access.

samba_search_var( domain )
Summary

Allow the specified domain to search samba /var directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

samba_stream_connect_winbind( domain )
Summary

Connect to winbind.

Parameters
Parameter:Description:
domain

Domain allowed access.

samba_write_smbmount_tcp_sockets( domain )
Summary

Allow the specified domain to write to smbmount tcp sockets.

Parameters
Parameter:Description:
domain

Domain allowed access.


Templates:

samba_helper_template( prefix )
Summary

Create a set of derived types for apache web content.

Parameters
Parameter:Description:
prefix

The prefix to be used for deriving type names.

samba_per_role_template( userdomain_prefix )
Summary

The per role template for the samba module.

Description

This template allows smbd to manage files in a user home directory, creating files with the correct type.

This template is invoked automatically for each user, and generally does not need to be invoked directly by policy writers.

Parameters
Parameter:Description:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).
