[apparmor] profile for samba winbindd

Seth Arnold seth.arnold at gmail.com
Wed May 9 22:48:28 UTC 2012 

Heh, any profile that accounts for dumping core files seems like reason enough to have the program profiled in the first place. :)
-----Original Message-----
From: Christian Boltz <apparmor at cboltz.de>
Sender: apparmor-bounces at lists.ubuntu.com
Date: Thu, 10 May 2012 00:42:17 
To: <apparmor at lists.ubuntu.com>
Subject: [apparmor] profile for samba winbindd

Hello,

this is the profile for samba's winbindd I added to the openSUSE package 
(in Factory) some time ago. Until now I didn't receive any bugreports so 
I'd say it's complete ;-)

I propose to add this profile to profiles/apparmor.d/ to have it active 
by default.



# Last Modified: Mon Mar 26 20:28:18 2012
#include <tunables/global>

/usr/sbin/winbindd {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  /etc/samba/dhcp.conf r,
  /etc/samba/passdb.tdb rwk,
  /etc/samba/secrets.tdb rwk,
  /proc/sys/kernel/core_pattern r,
  /tmp/.winbindd/ w,
  /usr/lib*/samba/idmap/*.so mr,
  /usr/lib*/samba/nss_info/*.so mr,
  /usr/sbin/winbindd mr,
  /var/lib/samba/account_policy.tdb rwk,
  /var/lib/samba/gencache.tdb rwk,
  /var/lib/samba/gencache_notrans.tdb rwk,
  /var/lib/samba/group_mapping.tdb rwk,
  /var/lib/samba/messages.tdb rwk,
  /var/lib/samba/netsamlogon_cache.tdb rwk,
  /var/lib/samba/serverid.tdb rwk,
  /var/lib/samba/winbindd_cache.tdb rwk,
  /var/lib/samba/winbindd_privileged/pipe w,
  /var/log/samba/cores/ rw,
  /var/log/samba/cores/winbindd/ rw,
  /var/log/samba/cores/winbindd/** rw,
  /var/log/samba/log.wb-* w,
  /var/log/samba/log.winbindd rw,
  /{var/,}run/samba/winbindd.pid rwk,

  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.sbin.winbindd>

}



Regards,

Christian Boltz
-- 
> Ich habe immer so Bißspuren in meiner Tastatur!
> Weiß jemand wieso?
Ist Deine Maus hungrig?
[> Bernd Brodesser und Hannes Vogelmann in suse-linux]


-- 
AppArmor mailing list
AppArmor at lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor

More information about the AppArmor mailing list