With this configuration, Samba must be started prior to sealing the kernel, or when LIDS_GLOBAL is disabled so it can bind to ports 137 & 139.
/sbin/lidsconf -A -o /etc/samba -j READONLY /sbin/lidsconf -A -o /var/samba -j READONLY /sbin/lidsconf -A -s /usr/sbin/smbd -o /var/samba -j WRITE /sbin/lidsconf -A -s /usr/sbin/nmbd -o /var/samba -j WRITE # smbd needs write access to smbpasswd to chmod it. i think it # also needs access to MACHINE.SID /sbin/lidsconf -A -s /usr/sbin/smbd -o /etc/samba -j WRITE /sbin/lidsconf -A -s /usr/sbin/smbd -o /etc/shadow -j READONLY /sbin/lidsconf -A -s /usr/sbin/smbd -o CAP_SETUID -j GRANT /sbin/lidsconf -A -s /usr/sbin/smbd -o CAP_SETGID -j GRANT /sbin/lidsconf -A -s /usr/sbin/smbd -o CAP_HIDDEN -j GRANT # LIDS complains about smbd trying to chroot to / # everything still seems to work without it, though # (and isn't chrooting to / kinda pointless anyway?) #/sbin/lidsconf -A -s /usr/sbin/smbd -o CAP_SYS_CHROOT -j GRANT /sbin/lidsconf -A -s /usr/sbin/nmbd -o CAP_HIDDEN -j GRANT |