[apparmor] [patch] smbd - various /usr/lib*/samba rules
Christian Boltz
apparmor at cboltz.de
Thu Jan 5 20:42:32 UTC 2012
Hello,
Am Donnerstag, 5. Januar 2012 schrieb Christian Boltz:
> Hello,
>
> according to Lars Müller (a samba developer) smbd needs access to some
> more files in /usr/lib*/samba/ in some cases.
>
> References: https://bugzilla.novell.com/show_bug.cgi?id=725967#c5
The *.dat should be r, not mr.
Updated patch:
=== modified file 'profiles/apparmor.d/usr.sbin.smbd'
--- profiles/apparmor.d/usr.sbin.smbd 2011-12-29 16:34:01 +0000
+++ profiles/apparmor.d/usr.sbin.smbd 2012-01-05 20:41:54 +0000
@@ -26,6 +26,9 @@
/proc/*/mounts r,
/proc/sys/kernel/core_pattern r,
/usr/lib*/samba/vfs/*.so mr,
+ /usr/lib*/samba/charset/*.so mr,
+ /usr/lib*/samba/auth/script.so mr,
+ /usr/lib*/samba/{lowercase,upcase,valid}.dat r,
/usr/sbin/smbd mr,
/etc/samba/* rwk,
/var/cache/samba/** rwk,
Regards,
Christian Boltz
--
Grub. Da bootest du sogar ein Stück Pappe, auf dem du 'Betriebsystem'
draufschreibst, und das in den Diskettenschacht schiebst.
[Ernst Herzberg in suse-linux]
More information about the AppArmor
mailing list