[apparmor] [patch] updated usr.sbin.smbd profile
Christian Boltz
apparmor at cboltz.de
Tue Oct 15 18:10:51 UTC 2013
Hello,
some samba *.dat files were moved, and a new library needs to be loaded
by smbd.
References: https://bugzilla.novell.com/show_bug.cgi?id=845867
I propose this patch for trunk and 2.8 branch.
=== modified file 'profiles/apparmor.d/usr.sbin.smbd'
--- profiles/apparmor.d/usr.sbin.smbd 2013-10-09 20:42:41 +0000
+++ profiles/apparmor.d/usr.sbin.smbd 2013-10-15 17:08:51 +0000
@@ -29,7 +29,9 @@
/usr/lib*/samba/vfs/*.so mr,
/usr/lib*/samba/charset/*.so mr,
/usr/lib*/samba/auth/script.so mr,
+ /usr/lib*/samba/pdb/*.so mr,
/usr/lib*/samba/{lowercase,upcase,valid}.dat r,
+ /usr/share/samba/codepages/{upcase,lowcase,valid}.dat r,
/usr/sbin/smbd mr,
/usr/sbin/smbldap-useradd Px,
/var/cache/samba/** rwk,
FYI: For the /usr/lib*/samba/pdb/*.so I decided to use *.so to also
allow the other libs (which seem to be alternative authentification
backends - maybe "pdb" means "password database"?):
# ls -l /usr/lib64/samba/pdb
-rwxr-xr-x 1 root root 163832 Oct 2 15:01 ldapsam.so*
-rwxr-xr-x 1 root root 43728 Oct 2 15:01 smbpasswd.so*
-rwxr-xr-x 1 root root 35352 Oct 2 15:01 tdbsam.so*
-rwxr-xr-x 1 root root 14504 Oct 2 15:02 wbc_sam.so*
Regards,
Christian Boltz
--
TikiWiki ist eine sehr umfassende Sammlung von Sicherheitslücken,
konzeptuellen Problemen und Performancekillern, die alles kann und
nichts richtig. [Kristian Köhntopp auf
http://blog.koehntopp.de/archives/2051-5-Jahre-Blogging.html]
More information about the AppArmor
mailing list