[apparmor] [patch] Samba profile updates

Christian Boltz apparmor at cboltz.de
Sun Aug 21 15:33:06 UTC 2011 

Hello,

the attached patch contains some Samba profile updates (mostly) from 
openSUSE 11.4 update that did not make it into Factory yet. I hope Jeff 
didn't hide more patches in the 11.4 update repo :-/

From: Jeff Mahoney <jeffm at suse.com>                                                                                                                                             
Subject: apparmor-profiles: Add samba config files
References: bnc#679182 bnc#666450

Signed-off-by: Jeff Mahoney <jeffm at suse.com>

- updated to match trunk
- added changed path to nmbd profile (/var/cache/samba has moved to
  /var/lib/samba on (at least) openSUSE 11.4), bnc#679182#c8
  For backward compability, it also allows /var/spool/samba.
- Note: The smbd profile already contains both locations.
by Christian Boltz <apparmor at cboltz.de>


Regards,

Christian Boltz
-- 
Regeln sind da um denn kleinen Mensch zu baendigen...
Die groessen tun eben was sie wollen...   [Alain Declercq in datu]
-------------- next part --------------
From: Jeff Mahoney <jeffm at suse.com>
Subject: apparmor-profiles: Add samba config files
References: bnc#679182 bnc#666450

Signed-off-by: Jeff Mahoney <jeffm at suse.com>

- updated to match trunk
- added changed path to nmbd profile (/var/cache/samba has moved to 
  /var/lib/samba on (at least) openSUSE 11.4), bnc#679182#c8
  For backward compability, it also allows /var/spool/samba.
- Note: The smbd profile already contains both locations.
by Christian Boltz <apparmor at cboltz.de>


=== modified file 'profiles/apparmor.d/abstractions/samba'
--- profiles/apparmor.d/abstractions/samba	2011-07-14 12:57:57 +0000
+++ profiles/apparmor.d/abstractions/samba	2011-08-21 15:18:51 +0000
@@ -9,11 +9,11 @@
 #
 # ------------------------------------------------------------------
 
-  /etc/samba/smb.conf r,
+  /etc/samba/* r,
   /usr/share/samba/*.dat r,
   /var/lib/samba/**.tdb rwk,
   /var/log/samba/cores/ rw,
-  /var/log/samba/cores/* w,
+  /var/log/samba/cores/* rw,
   /var/log/samba/log.* w,
   /{,var/}run/samba/*.tdb rw,
 

=== modified file 'profiles/apparmor.d/usr.sbin.nmbd'
--- profiles/apparmor.d/usr.sbin.nmbd	2011-07-14 12:57:57 +0000
+++ profiles/apparmor.d/usr.sbin.nmbd	2011-08-21 15:21:01 +0000
@@ -8,10 +8,11 @@
   capability net_bind_service,
 
   /usr/sbin/nmbd mr,
-  /var/cache/samba/browse.dat* rw,
-  /var/lib/samba/wins.dat* rw,
-  /{,var/}run/samba/** rk,
+  /var/{cache,lib}/samba/browse.dat* rw,
+  /var/{cache,lib}/samba/wins.dat* rw,
+  /{,var/}run/samba/** rwk,
   /{,var/}run/samba/nmbd.pid rw,
+  /var/log/samba/cores/ rw,
   /var/log/samba/cores/nmbd/ rw,
   /var/log/samba/cores/nmbd/** rw,
 

=== modified file 'profiles/apparmor.d/usr.sbin.smbd'
--- profiles/apparmor.d/usr.sbin.smbd	2011-07-14 12:57:57 +0000
+++ profiles/apparmor.d/usr.sbin.smbd	2011-08-21 15:17:56 +0000
@@ -20,6 +20,9 @@
   /etc/printcap r,
   /proc/*/mounts r,
   /usr/sbin/smbd mr,
+  /etc/samba/* rwk,
+  /etc/samba/passdb.tdb rwk,
+  /etc/samba/secrets.tdb rwk,
   /var/cache/samba/** rwk,
   /var/cache/samba/printing/printers.tdb mrw,
   /var/lib/samba/** rwk,

More information about the AppArmor mailing list