[apparmor] [patch] Samba profile updates for ActiveDirectory / Kerberos

Christian Boltz apparmor at cboltz.de
Tue Aug 29 12:08:37 UTC 2017


Hello,

Am Dienstag, 29. August 2017, 03:38:53 CEST schrieb Seth Arnold:
> On Tue, Aug 22, 2017 at 11:14:59PM +0200, Christian Boltz wrote:
> > > Is the sss/ms/initgroups change intentional?
> > 
> > Yes, this is intentional - I did the profile updates (on an INVIS
> > server) myself ;-)
> > 
> > > Should that go into abstractions/nameservice instead?
> > 
> > What about "maybe"? ;-)  This was the first time I've seen access to
> > sss/ms/initgroups. I don't really know what it does, so I prefered
> > to
> > only allow it in the smbd profile.
> > 
> > If you think it makes sense for abstractions/nameservice, I can
> > change the patch ;-)
> 
> This would be wonderful, thanks. The 'initgroups' interface exists to
> support the getgrouplist(3) function as described by nsswitch.conf(5).
> So if a site is using sss then probably more than just Samba will
> need this.
> 
> Acked-by: Seth Arnold <seth.arnold at canonical.com> for the 'old' patch
> minus the initgroups, and the offered new patch of the initgroups in
> abstractions/nameservice. :)

Updated patch commited to all branches.

@Stefan: Since this patch affects profiles and abstractions shipped in 
the apparmor-profiles and apparmor-abstractions package - do you want 
updated AppArmor packages in Tumbleweed and/or Leap? If so, please tell 
me when you need them, and I'll try to get a maintenance update out.

Ideally we could get new minor releases from upstream AppArmor with all 
the patches and changes collected in the last 8 months.


Regards,

Christian Boltz
-- 
<cboltz> jjohansen: you are making it too easy for kshitij8 ;-)
<jjohansen> cboltz: oops sorry, now I'll have to come up with a new task
            to make him suffer :)
<sarnold> review the c++11 conversion? :)
* sarnold runs
<jjohansen> haha, sarnold I said suffer, not drive him to commit suicide
[from #apparmor]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170829/2a75457c/attachment.pgp>


More information about the AppArmor mailing list