diff --git a/apparmor-winbindd-r3213.diff b/apparmor-winbindd-r3213.diff new file mode 100644 index 0000000..a932358 --- /dev/null +++ b/apparmor-winbindd-r3213.diff @@ -0,0 +1,29 @@ +------------------------------------------------------------ +revno: 3213 +committer: Christian Boltz +branch nick: apparmor +timestamp: Thu 2015-07-30 22:03:02 +0200 +message: + winbindd profile: allow k for /etc/samba/smbd.tmp/msg/* + + References: https://bugzilla.opensuse.org/show_bug.cgi?id=921098 starting at comment 15 + + + Acked-by: Steve Beattie for trunk and 2.9 + + +=== modified file 'profiles/apparmor.d/usr.sbin.winbindd' +--- profiles/apparmor.d/usr.sbin.winbindd 2015-05-18 23:25:26 +0000 ++++ profiles/apparmor.d/usr.sbin.winbindd 2015-07-30 20:03:02 +0000 +@@ -15,7 +15,7 @@ + /etc/samba/secrets.tdb rwk, + /etc/samba/smbd.tmp/ rw, + /etc/samba/smbd.tmp/msg/ rw, +- /etc/samba/smbd.tmp/msg/* rw, ++ /etc/samba/smbd.tmp/msg/* rwk, + @{PROC}/sys/kernel/core_pattern r, + /tmp/.winbindd/ w, + /tmp/krb5cc_* rwk, + + +vim:ft=diff diff --git a/apparmor.changes b/apparmor.changes index b0e21d5..c70bfc4 100644 --- a/apparmor.changes +++ b/apparmor.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Jul 30 20:08:20 UTC 2015 - opensuse@cboltz.de + +- add apparmor-winbindd-r3213.diff - add missing k permissions for + /etc/samba/smbd.tmp/msg/* in winbindd profile (boo#921098 #c15..19) + ------------------------------------------------------------------- Thu Jul 23 22:16:35 UTC 2015 - opensuse@cboltz.de diff --git a/apparmor.spec b/apparmor.spec index 2134efb..40c39e5 100644 --- a/apparmor.spec +++ b/apparmor.spec @@ -95,6 +95,9 @@ Patch7: apparmor-lessopen-profile.patch # boo#862170 - fix ugly initscript output (commited upstream trunk r3208) Patch8: fix-initscript-aa_log_end_msg.diff +# additional winbindd permissions (commited upstream trunk r3213, 2.9 r2946) - (boo#921098 #c15..19) +Patch9: apparmor-winbindd-r3213.diff + Url: https://launchpad.net/apparmor PreReq: sed BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -440,6 +443,7 @@ SubDomain. %patch6 %patch7 -p1 %patch8 +%patch9 # search for left-over multiline rules test -z "$(grep -r '^\s*\(unix\|dbus\)[^,]\(([^)]*)\)*[^,]*$' profiles/apparmor.d/)"