[apparmor] [patch] Samba Active Directory authentification
Christian Boltz
apparmor at cboltz.de
Sat Aug 27 00:22:07 UTC 2011
Hello,
another samba profile patch:
Add permissions needed for Active Directory authentification to Samba
profiles.
References: https://bugzilla.novell.com/show_bug.cgi?id=713728
@John: if Steve ACKs this patch, feel free to commit it yourself to get
it into beta2. (I'll go to bed now...)
Regards,
Christian Boltz
--
> Genaugenommen kann es DAUs (also Mehrzahl) gar nicht geben ;-)
Stimmt. Aber die werden ja gezuechtet, es gibt staendig einen neuen
DAU, ergo hat man den aktuellen DAU und die nicht ganz aktuellen...
[> Manfred Tremmel und David Haller in suse-linux]
-------------- next part --------------
Add permissions needed for Active Directory authentification to Samba
profiles.
References: https://bugzilla.novell.com/show_bug.cgi?id=713728
=== modified file 'profiles/apparmor.d/usr.sbin.nmbd'
--- profiles/apparmor.d/usr.sbin.nmbd 2011-08-26 23:52:27 +0000
+++ profiles/apparmor.d/usr.sbin.nmbd 2011-08-27 00:14:12 +0000
@@ -7,9 +7,18 @@
capability net_bind_service,
+ /proc/sys/kernel/core_pattern r,
+
/usr/sbin/nmbd mr,
+
/var/{cache,lib}/samba/browse.dat* rw,
/var/{cache,lib}/samba/wins.dat* rw,
+ /var/{cache,lib}/samba/smb_krb5/ rw,
+ /var/{cache,lib}/samba/smb_krb5/krb5.conf* rw,
+ /var/{cache,lib}/samba/smb_tmp_krb5.* rw,
+ /var/{cache,lib}/samba/sync.* rw,
+ /var/{cache,lib}/samba/unexpected rw,
+
/{,var/}run/samba/** rwk,
# Site-specific additions and overrides. See local/README for details.
=== modified file 'profiles/apparmor.d/usr.sbin.smbd'
--- profiles/apparmor.d/usr.sbin.smbd 2011-08-26 23:52:27 +0000
+++ profiles/apparmor.d/usr.sbin.smbd 2011-08-27 00:11:22 +0000
@@ -23,6 +23,7 @@
/etc/mtab r,
/etc/printcap r,
/proc/*/mounts r,
+ /proc/sys/kernel/core_pattern r,
/usr/sbin/smbd mr,
/etc/samba/* rwk,
/var/cache/samba/** rwk,
More information about the AppArmor
mailing list