[apparmor] [patch] Samba "vfs objects"
Christian Boltz
apparmor at cboltz.de
Tue Nov 1 15:54:46 UTC 2011
Hello,
Am Dienstag, 1. November 2011 schrieb Steve Beattie:
> On Mon, Oct 31, 2011 at 08:12:07PM +0100, Christian Boltz wrote:
> > here's patch for the smbd profile (already included in the
> > openSUSE
> > package, the timeline was too short to push it upstream and wait
> > for the RC2 release ;-)
> >
> > ------------------------------------------------------------------
> >
> > Allow loading the libraries used for Samba "vfs objects = ..."
> >
> > References: https://bugzilla.novell.com/show_bug.cgi?id=725967
> >
> > Signed-off-by: Christian Boltz <apparmor at cboltz.de>
> >
> >
> > === modified file 'profiles/apparmor.d/usr.sbin.smbd'
> > --- profiles/apparmor.d/usr.sbin.smbd 2011-08-27 18:50:42 +0000
> > +++ profiles/apparmor.d/usr.sbin.smbd 2011-10-26 20:43:13 +0000
> > @@ -24,6 +24,7 @@
> >
> > /etc/printcap r,
> > /proc/*/mounts r,
> > /proc/sys/kernel/core_pattern r,
> >
> > + /usr/lib64/samba/vfs/*.so mr,
>
> On ubuntu, even on x86_64 (aka amd64) systems, this path is
>
> /usr/lib/samba/vfs/*.so
>
> Can you take that into account? Thanks.
*argh*
You are right, I thought I had changed this before :-/
Updated patch:
=== modified file 'profiles/apparmor.d/usr.sbin.smbd'
--- profiles/apparmor.d/usr.sbin.smbd 2011-08-27 18:50:42 +0000
+++ profiles/apparmor.d/usr.sbin.smbd 2011-11-01 15:34:38 +0000
@@ -24,6 +24,7 @@
/etc/printcap r,
/proc/*/mounts r,
/proc/sys/kernel/core_pattern r,
+ /usr/lib*/samba/vfs/*.so mr,
/usr/sbin/smbd mr,
/etc/samba/* rwk,
/var/cache/samba/** rwk,
Regards,
Christian Boltz
--
Das hat wie so vieles im Leben Vor- und Nachteile. Es ist halt alles
andere als DAU-sicher. Aber da nur ich hier rumfuhrwerke brauche ich
nicht lange nach dem Verursacher suchen, falls etwas schiefgeht. Ein
Blick in den Spiegel reicht vollkommen... [Ralph Müller in suse-linux]
More information about the AppArmor
mailing list