[apparmor] [patch] winbindd profile update
Christian Boltz
apparmor at cboltz.de
Fri Apr 18 14:17:41 UTC 2014
Hello,
this patch updates the usr.sbin.winbindd profile
- allow rw access to /var/cache/krb5rcache/
- treat passdb.tdb.tmp as passdb.tdb
Patch from Lars Müller <lmuelle at suse.com>
References: https://bugzilla.novell.com/show_bug.cgi?id=870607
=== modified file 'profiles/apparmor.d/usr.sbin.winbindd'
--- profiles/apparmor.d/usr.sbin.winbindd 2014-01-23 14:04:12
+++ profiles/apparmor.d/usr.sbin.winbindd 2014-04-18 14:10:35
@@ -10,7 +10,7 @@
capability ipc_lock,
capability setuid,
- /etc/samba/passdb.tdb rwk,
+ /etc/samba/passdb.tdb{,.tmp} rwk,
/etc/samba/secrets.tdb rwk,
@{PROC}/sys/kernel/core_pattern r,
/tmp/.winbindd/ w,
@@ -19,6 +19,7 @@
/usr/lib*/samba/nss_info/*.so mr,
/usr/lib*/samba/pdb/*.so mr,
/usr/sbin/winbindd mr,
+ /var/cache/krb5rcache/* rw,
/var/cache/samba/*.tdb rwk,
/var/lib/samba/smb_krb5/krb5.conf.* rw,
/var/lib/samba/smb_tmp_krb5.* rw,
Regards,
Christian Boltz
--
"Der Pinguin ist ein gutes Logo für Linux,
denn was nicht fliegt, stürzt auch nicht ab."
Francis Kuhlen (IBM-Vice President Sales)
More information about the AppArmor
mailing list