pool/apparmor
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 203528 from security:apparmor

Browse Source 
- add apparmor-profiles-samba4.diff - various profile additions for 
  samba 4.x (bnc#845867, bnc#846054)
- update usr.sbin.winbindd for samba 4.x (bnc#845867, bnc#846054)

Please also include this in 13.1 - without it, it's impossible to start samba.

OBS-URL: https://build.opensuse.org/request/show/203528
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=55
This commit is contained in:
Tomáš Chvátal 2013-10-17 11:58:19 +00:00 committed by Git OBS Bridge
commit 7a538f7721
4 changed files with 62 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
apparmor-profiles-samba4.diff Normal file
View File

@ -0,0 +1,47 @@
=== modified file 'profiles/apparmor.d/abstractions/samba'
--- profiles/apparmor.d/abstractions/samba 2011-08-26 23:52:27 +0000
+++ profiles/apparmor.d/abstractions/samba 2013-10-15 20:36:33 +0000
@@ -11,6 +11,7 @@
/etc/samba/* r,
/usr/share/samba/*.dat r,
+ /usr/share/samba/codepages/{lowcase,upcase,valid}.dat r,
/var/lib/samba/**.tdb rwk,
/var/log/samba/cores/ rw,
/var/log/samba/cores/** rw,
=== modified file 'profiles/apparmor.d/usr.sbin.nmbd'
--- profiles/apparmor.d/usr.sbin.nmbd 2011-08-27 18:50:42 +0000
+++ profiles/apparmor.d/usr.sbin.nmbd 2013-10-15 20:36:33 +0000
@@ -12,6 +12,7 @@
/usr/sbin/nmbd mr,
/var/{cache,lib}/samba/browse.dat* rw,
+ /var/{cache,lib}/samba/gencache.dat rw,
/var/{cache,lib}/samba/wins.dat* rw,
/var/{cache,lib}/samba/smb_krb5/ rw,
/var/{cache,lib}/samba/smb_krb5/krb5.conf* rw,
=== modified file 'profiles/apparmor.d/usr.sbin.smbd'
--- profiles/apparmor.d/usr.sbin.smbd 2012-01-10 18:06:24 +0000
+++ profiles/apparmor.d/usr.sbin.smbd 2013-10-15 20:36:33 +0000
@@ -29,7 +29,8 @@
/usr/lib*/samba/vfs/*.so mr,
/usr/lib*/samba/charset/*.so mr,
/usr/lib*/samba/auth/script.so mr,
- /usr/lib*/samba/{lowercase,upcase,valid}.dat r,
+ /usr/lib*/samba/pdb/*.so mr,
+ /usr/lib*/samba/{lowercase,lowcase,upcase,valid}.dat r,
/usr/sbin/smbd mr,
/usr/sbin/smbldap-useradd Px,
/var/cache/samba/** rwk,
@@ -39,6 +40,8 @@
/{,var/}run/cups/cups.sock rw,
/{,var/}run/dbus/system_bus_socket rw,
/{,var/}run/samba/** rk,
+ /{,var/}run/samba/ncalrpc/ rw,
+ /{,var/}run/samba/ncalrpc/** rw,
/{,var/}run/samba/smbd.pid rw,
/var/log/samba/cores/smbd/ rw,
/var/log/samba/cores/smbd/** rw,

7
apparmor.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Tue Oct 15 20:10:49 UTC 2013 - opensuse@cboltz.de
- add apparmor-profiles-samba4.diff - various profile additions for
samba 4.x (bnc#845867, bnc#846054)
- update usr.sbin.winbindd for samba 4.x (bnc#845867, bnc#846054)
-------------------------------------------------------------------
Sun Sep 29 15:00:20 UTC 2013 - opensuse@cboltz.de

4
apparmor.spec
View File

@ -109,6 +109,9 @@ Patch9: apparmor-fix-url-in-manpages-r2093.diff
# fix aa-unconfined to work with all languages (commited upstream trunk r2190, 2.8 r2094)
Patch10: apparmor-unconfined-lang-r2094.diff
# various permissions needed for Samba 4.1 - bnc#845867 bnc#846054 (not commited upstream yet)
Patch11: apparmor-profiles-samba4.diff
# Add support for eDirectory calls in abstractions/nameservice. Not accepted upstream (yet) because of open questions
Patch12: apparmor-2.5.1-edirectory-profile
@ -483,6 +486,7 @@ SubDomain.
%patch8
%patch9
%patch10
%patch11
%patch12 -p1
# only create Immunix::SubDomain perl module for openSUSE <= 12.1

6
usr.sbin.winbindd
View File

@ -1,4 +1,3 @@
# Last Modified: Mon Mar 26 20:28:18 2012
#include <tunables/global>
/usr/sbin/winbindd {
@ -13,6 +12,8 @@
/usr/lib*/samba/idmap/*.so mr,
/usr/lib*/samba/nss_info/*.so mr,
/usr/sbin/winbindd mr,
/usr/share/samba/codepages/{lowcase,upcase,valid}.dat r,
/var/cache/samba/netsamlogon_cache.tdb rw,
/var/lib/samba/account_policy.tdb rwk,
/var/lib/samba/gencache.tdb rwk,
/var/lib/samba/gencache_notrans.tdb rwk,
@ -20,7 +21,7 @@
/var/lib/samba/messages.tdb rwk,
/var/lib/samba/netsamlogon_cache.tdb rwk,
/var/lib/samba/serverid.tdb rwk,
/var/lib/samba/winbindd_cache.tdb rwk,
/var/lib/samba/winbindd_cache.tdb* rwk,
/var/lib/samba/winbindd_privileged/pipe w,
/var/log/samba/cores/ rw,
/var/log/samba/cores/winbindd/ rw,
@ -28,6 +29,7 @@
/var/log/samba/log.wb-* w,
/var/log/samba/log.winbindd rw,
/{var/,}run/samba/winbindd.pid rwk,
/{var/,}run/samba/winbindd/ rw,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.winbindd>