From 29f71f58a2fcb6ee6939399b6f0dbbeee24338ba67316f38ab1ceffdfdb99082 Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Mon, 20 Dec 2021 20:25:33 +0000 Subject: [PATCH] Accepting request 941674 from home:npower:branches:security:apparmor - Modify add-samba-bgqd.diff: Add new rule to fix new "DENIED operation="file_mmap" violation in SLE15-SP4; (bsc#1192336). OBS-URL: https://build.opensuse.org/request/show/941674 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=312 --- add-samba-bgqd.diff | 19 ++++++++++--------- apparmor.changes | 6 ++++++ 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/add-samba-bgqd.diff b/add-samba-bgqd.diff index d901cbe..2cdc737 100644 --- a/add-samba-bgqd.diff +++ b/add-samba-bgqd.diff @@ -14,12 +14,11 @@ Date: Fri Oct 15 22:02:36 2021 +0200 Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1191532 -diff --git a/profiles/apparmor.d/samba-bgqd b/profiles/apparmor.d/samba-bgqd -new file mode 100644 -index 00000000..c81c64f1 +Index: apparmor-3.0.3/profiles/apparmor.d/samba-bgqd +=================================================================== --- /dev/null -+++ b/profiles/apparmor.d/samba-bgqd -@@ -0,0 +1,18 @@ ++++ apparmor-3.0.3/profiles/apparmor.d/samba-bgqd +@@ -0,0 +1,20 @@ +abi , + +include @@ -35,13 +34,15 @@ index 00000000..c81c64f1 + @{PROC}/sys/kernel/core_pattern r, + @{run}/samba/samba-bgqd.pid wk, + ++ /usr/lib*/samba/samba-bgqd m, ++ + # Site-specific additions and overrides. See local/README for details. + include if exists +} -diff --git a/profiles/apparmor.d/usr.sbin.smbd b/profiles/apparmor.d/usr.sbin.smbd -index 92305564..b8fdad15 100644 ---- a/profiles/apparmor.d/usr.sbin.smbd -+++ b/profiles/apparmor.d/usr.sbin.smbd +Index: apparmor-3.0.3/profiles/apparmor.d/usr.sbin.smbd +=================================================================== +--- apparmor-3.0.3.orig/profiles/apparmor.d/usr.sbin.smbd ++++ apparmor-3.0.3/profiles/apparmor.d/usr.sbin.smbd @@ -24,6 +24,8 @@ profile smbd /usr/{bin,sbin}/smbd { capability sys_resource, capability sys_tty_config, diff --git a/apparmor.changes b/apparmor.changes index 3541bcb..0576329 100644 --- a/apparmor.changes +++ b/apparmor.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Dec 20 11:01:50 UTC 2021 - Noel Power + +- Modify add-samba-bgqd.diff: Add new rule to fix new "DENIED + operation="file_mmap" violation in SLE15-SP4; (bsc#1192336). + ------------------------------------------------------------------- Sun Dec 19 21:42:54 UTC 2021 - Christian Boltz