apparmor/apparmor-samba-include-permissions-for-shares.diff

Samba generates a profile sniplet with permissions for all shares at 
start using the update-apparmor-samba-profile script.

This patch includes the autogenerated profile sniplet it in the smbd 
profile. It also creates a dummy profile sniplet to avoid "file not 
found" errors when AppArmor is started before samba was started.

References: https://bugzilla.novell.com/show_bug.cgi?id=688040


Signed-off-by: Christian Boltz <apparmor@cboltz.de>

=== added file 'profiles/apparmor.d/local/usr.sbin.smbd-shares'
--- profiles/apparmor.d/local/usr.sbin.smbd-shares	1970-01-01 00:00:00 +0000
+++ profiles/apparmor.d/local/usr.sbin.smbd-shares	2011-10-19 09:40:05 +0000
@@ -0,0 +1,2 @@
+# This file will be replaced by rules for all samba shares at samba start.
+# Do not edit!

=== modified file 'profiles/apparmor.d/usr.sbin.smbd'
--- profiles/apparmor.d/usr.sbin.smbd	2011-08-27 18:50:42 +0000
+++ profiles/apparmor.d/usr.sbin.smbd	2011-10-19 09:37:04 +0000
@@ -47,6 +47,10 @@
 
   @{HOMEDIRS}/** lrwk,
 
+  # permissions for all configured shares
+  # autogenerated by update-apparmor-samba-profile at samba start
+  #include <local/usr.sbin.smbd-shares>
+
   # Site-specific additions and overrides. See local/README for details.
   #include <local/usr.sbin.smbd>
 }
Accepting request 88695 from security:apparmor:factory - include autogenerated profile sniplet for samba shares (bnc#688040) - more helpful error message for "aa-notify -p" if the user is not in the configured group OBS-URL: https://build.opensuse.org/request/show/88695 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=26 2011-10-19 13:56:25 +02:00			`Samba generates a profile sniplet with permissions for all shares at`
			`start using the update-apparmor-samba-profile script.`

			`This patch includes the autogenerated profile sniplet it in the smbd`
			`profile. It also creates a dummy profile sniplet to avoid "file not`
			`found" errors when AppArmor is started before samba was started.`

			`References: https://bugzilla.novell.com/show_bug.cgi?id=688040`


			`Signed-off-by: Christian Boltz <apparmor@cboltz.de>`

			`=== added file 'profiles/apparmor.d/local/usr.sbin.smbd-shares'`
			`--- profiles/apparmor.d/local/usr.sbin.smbd-shares 1970-01-01 00:00:00 +0000`
			`+++ profiles/apparmor.d/local/usr.sbin.smbd-shares 2011-10-19 09:40:05 +0000`
			`@@ -0,0 +1,2 @@`
			`+# This file will be replaced by rules for all samba shares at samba start.`
			`+# Do not edit!`

			`=== modified file 'profiles/apparmor.d/usr.sbin.smbd'`
			`--- profiles/apparmor.d/usr.sbin.smbd 2011-08-27 18:50:42 +0000`
			`+++ profiles/apparmor.d/usr.sbin.smbd 2011-10-19 09:37:04 +0000`
Accepting request 247917 from home:cboltz - update to AppArmor 2.8.96 (aka 2.9 beta2 aka r2652) - add unix abstract sockets, ptrace, and signal policy generation - several bugfixes in the python tools and elsewhere - move program-chunks/postfix-common to abstractions/ - drop upstreamed patches: - apparmor-profiles-clustered-samba.diff - perl-apparmor-fix-bare-network-keyword-handling.diff - perl-apparmor-handle-bare-capability-keyword.diff - perl-apparmor-properly-handle-bare-file-keyword.diff - re-enable installation of perl modules - move python modules to python3-apparmor package - create symlinks without aa- prefix only for tools existing in 2.8.x, but not for new tools added in 2.9 - make utils filelist explicit to ensure we have the right set of files without aa- prefix in sbindir - switch easyprof python module location to python3 - drop unused defines APPARMOR_DOC_DIR and JNI_SO - refresh patches: - apparmor-utils-string-split (file moved) - apparmor-profiles-dnsmasq-iface-mtu.patch - apparmor-2.5.1-edirectory-profile (prepared Thu Mar 20 23:35:03 UTC 2014 in home project) - update to AppArmor 2.8.95 (aka 2.9 beta1) - complete rewrite of the aa-* tools in python - new tools: aa-cleanprof, aa-mergeprof - extra profiles moved to /usr/share/apparmor/extra-profiles/ (bnc#713647) - and much more, but there's no upstream changelog yet - drop upstreamed patches and files: - usr.sbin.winbindd - usr.lib.dovecot.*, tunables-dovecot, apparmor-profiles-dovecot-bnc851984.diff - apparmor-init.py-gsoc.diff - apparmor-2.8.2-nm-dnsmasq-config.patch - add %bcond_with perl and disable the perl subpackage temporarily (the perl modules will be back in beta2) - drop the apparmorapplet-gnome, apparmor-dbus and profile-editor subpackages (they were disabled since a long time, and upstream no longer ships their code) and the apparmor-profile-editor.desktop and apparmor-profile-editor.png files - drop apparmor-utils-subdomain-compat patch (was only included for <= 12.1) - remove libimmunix Provides/Obsoletes (libimmunix was a compat wrapper and got finally dropped) - refresh apparmor-samba-include-permissions-for-shares.diff and apparmor-2.5.1-edirectory-profile OBS-URL: https://build.opensuse.org/request/show/247917 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=97 2014-09-07 21:10:23 +02:00			`@@ -47,6 +47,10 @@`
Accepting request 88695 from security:apparmor:factory - include autogenerated profile sniplet for samba shares (bnc#688040) - more helpful error message for "aa-notify -p" if the user is not in the configured group OBS-URL: https://build.opensuse.org/request/show/88695 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=26 2011-10-19 13:56:25 +02:00
			`@{HOMEDIRS}/** lrwk,`

			`+ # permissions for all configured shares`
			`+ # autogenerated by update-apparmor-samba-profile at samba start`
			`+ #include <local/usr.sbin.smbd-shares>`
			`+`
			`# Site-specific additions and overrides. See local/README for details.`
			`#include <local/usr.sbin.smbd>`
			`}`