[apparmor] [patch] Update nmbd profile and abstractions/samba

Christian Boltz apparmor at cboltz.de
Tue Dec 13 15:54:43 UTC 2016


Hello,

nmbd needs some additional permissions:
- k for /var/cache/samba/lck/* (via abstractions/samba)
- rw for /var/cache/samba/msg/ (the log only mentioned r, but that
  directory needs to be created first)
- w for /var/cache/samba/msg/* (the log didn't indicate any read access)

Reported by FLD on IRC, audit log on https://paste.debian.net/902010/


I propose this patch for trunk, 2.10 and 2.9


[ nmbd.diff ]

=== modified file ./profiles/apparmor.d/abstractions/samba
--- profiles/apparmor.d/abstractions/samba      2016-11-18 21:29:24.889846000 +0100
+++ profiles/apparmor.d/abstractions/samba      2016-12-13 16:43:22.073679262 +0100
@@ -16,7 +16,7 @@
   /usr/share/samba/*.dat r,
   /usr/share/samba/codepages/{lowcase,upcase,valid}.dat r,
   /var/cache/samba/ w,
-  /var/cache/samba/lck/* rw,
+  /var/cache/samba/lck/* rwk,
   /var/lib/samba/** rwk,
   /var/log/samba/cores/ rw,
   /var/log/samba/cores/** rw,
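
Review bot: the added `k` on `/var/cache/samba/lck/* rwk,` sits in abstractions/samba, so every profile that includes this abstraction gains lock permission on those files, while the description only reports a denial for nmbd. That matches the existing `/var/lib/samba/** rwk,` line two rules below, so the widening looks reasonable, but the commit message should say the change is intentionally shared rather than nmbd-only. If it is not meant to be shared, move the `k` rule into usr.sbin.nmbd.
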
=== modified file ./profiles/apparmor.d/usr.sbin.nmbd
--- profiles/apparmor.d/usr.sbin.nmbd   2014-09-10 22:00:36.616976000 +0200
+++ profiles/apparmor.d/usr.sbin.nmbd   2016-12-13 16:44:31.269362676 +0100
@@ -20,6 +20,8 @@
   /var/{cache,lib}/samba/smb_tmp_krb5.* rw,
   /var/{cache,lib}/samba/sync.* rw,
   /var/{cache,lib}/samba/unexpected rw,
+  /var/cache/samba/msg/ rw,
+  /var/cache/samba/msg/* w,
 
   /{,var/}run/samba/** rwk,
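
Review bot: `/var/cache/samba/msg/* w,` is write-only, while the directory rule above it and every neighbouring rule in this block are `rw`. The only justification is in the mail ("the log didn't indicate any read access"). Add a short comment above the two new lines recording that the asymmetry is deliberate and that the directory gets `w` so it can be created, otherwise a later editor is likely to "normalise" the rule to `rw`. Also consider whether these rules belong in abstractions/samba next to `/var/cache/samba/lck/*`, since the first hunk treats the sibling directory as shared.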




Regards,

Christian Boltz
-- 
> Please see the duplicated mail as kmail's vote to make
> thunderbird default ;-(
And some people say that Kmail is good for nothing. :-))
[> Stephan Kulow and Ken Schneider in opensuse-factory]