diff --git a/apparmor-profiles-samba4.diff b/apparmor-profiles-samba4.diff new file mode 100644 index 0000000..dfebe4b --- /dev/null +++ b/apparmor-profiles-samba4.diff @@ -0,0 +1,47 @@ +=== modified file 'profiles/apparmor.d/abstractions/samba' +--- profiles/apparmor.d/abstractions/samba 2011-08-26 23:52:27 +0000 ++++ profiles/apparmor.d/abstractions/samba 2013-10-15 20:36:33 +0000 +@@ -11,6 +11,7 @@ + + /etc/samba/* r, + /usr/share/samba/*.dat r, ++ /usr/share/samba/codepages/{lowcase,upcase,valid}.dat r, + /var/lib/samba/**.tdb rwk, + /var/log/samba/cores/ rw, + /var/log/samba/cores/** rw, + +=== modified file 'profiles/apparmor.d/usr.sbin.nmbd' +--- profiles/apparmor.d/usr.sbin.nmbd 2011-08-27 18:50:42 +0000 ++++ profiles/apparmor.d/usr.sbin.nmbd 2013-10-15 20:36:33 +0000 +@@ -12,6 +12,7 @@ + /usr/sbin/nmbd mr, + + /var/{cache,lib}/samba/browse.dat* rw, ++ /var/{cache,lib}/samba/gencache.dat rw, + /var/{cache,lib}/samba/wins.dat* rw, + /var/{cache,lib}/samba/smb_krb5/ rw, + /var/{cache,lib}/samba/smb_krb5/krb5.conf* rw, + +=== modified file 'profiles/apparmor.d/usr.sbin.smbd' +--- profiles/apparmor.d/usr.sbin.smbd 2012-01-10 18:06:24 +0000 ++++ profiles/apparmor.d/usr.sbin.smbd 2013-10-15 20:36:33 +0000 +@@ -29,7 +29,8 @@ + /usr/lib*/samba/vfs/*.so mr, + /usr/lib*/samba/charset/*.so mr, + /usr/lib*/samba/auth/script.so mr, +- /usr/lib*/samba/{lowercase,upcase,valid}.dat r, ++ /usr/lib*/samba/pdb/*.so mr, ++ /usr/lib*/samba/{lowercase,lowcase,upcase,valid}.dat r, + /usr/sbin/smbd mr, + /usr/sbin/smbldap-useradd Px, + /var/cache/samba/** rwk, +@@ -39,6 +40,8 @@ + /{,var/}run/cups/cups.sock rw, + /{,var/}run/dbus/system_bus_socket rw, + /{,var/}run/samba/** rk, ++ /{,var/}run/samba/ncalrpc/ rw, ++ /{,var/}run/samba/ncalrpc/** rw, + /{,var/}run/samba/smbd.pid rw, + /var/log/samba/cores/smbd/ rw, + /var/log/samba/cores/smbd/** rw, + diff --git a/apparmor.changes b/apparmor.changes index 8cc83c3..052f9f7 100644 --- a/apparmor.changes +++ b/apparmor.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Oct 15 20:10:49 UTC 2013 - opensuse@cboltz.de + +- add apparmor-profiles-samba4.diff - various profile additions for + samba 4.x (bnc#845867, bnc#846054) +- update usr.sbin.winbindd for samba 4.x (bnc#845867, bnc#846054) + ------------------------------------------------------------------- Sun Sep 29 15:00:20 UTC 2013 - opensuse@cboltz.de diff --git a/apparmor.spec b/apparmor.spec index d9e191a..ae2a3d9 100644 --- a/apparmor.spec +++ b/apparmor.spec @@ -109,6 +109,9 @@ Patch9: apparmor-fix-url-in-manpages-r2093.diff # fix aa-unconfined to work with all languages (commited upstream trunk r2190, 2.8 r2094) Patch10: apparmor-unconfined-lang-r2094.diff +# various permissions needed for Samba 4.1 - bnc#845867 bnc#846054 (not commited upstream yet) +Patch11: apparmor-profiles-samba4.diff + # Add support for eDirectory calls in abstractions/nameservice. Not accepted upstream (yet) because of open questions Patch12: apparmor-2.5.1-edirectory-profile @@ -483,6 +486,7 @@ SubDomain. %patch8 %patch9 %patch10 +%patch11 %patch12 -p1 # only create Immunix::SubDomain perl module for openSUSE <= 12.1 diff --git a/usr.sbin.winbindd b/usr.sbin.winbindd index a81c312..95ad889 100644 --- a/usr.sbin.winbindd +++ b/usr.sbin.winbindd @@ -1,4 +1,3 @@ -# Last Modified: Mon Mar 26 20:28:18 2012 #include /usr/sbin/winbindd { @@ -13,6 +12,8 @@ /usr/lib*/samba/idmap/*.so mr, /usr/lib*/samba/nss_info/*.so mr, /usr/sbin/winbindd mr, + /usr/share/samba/codepages/{lowcase,upcase,valid}.dat r, + /var/cache/samba/netsamlogon_cache.tdb rw, /var/lib/samba/account_policy.tdb rwk, /var/lib/samba/gencache.tdb rwk, /var/lib/samba/gencache_notrans.tdb rwk, @@ -20,7 +21,7 @@ /var/lib/samba/messages.tdb rwk, /var/lib/samba/netsamlogon_cache.tdb rwk, /var/lib/samba/serverid.tdb rwk, - /var/lib/samba/winbindd_cache.tdb rwk, + /var/lib/samba/winbindd_cache.tdb* rwk, /var/lib/samba/winbindd_privileged/pipe w, /var/log/samba/cores/ rw, /var/log/samba/cores/winbindd/ rw, @@ -28,6 +29,7 @@ /var/log/samba/log.wb-* w, /var/log/samba/log.winbindd rw, /{var/,}run/samba/winbindd.pid rwk, + /{var/,}run/samba/winbindd/ rw, # Site-specific additions and overrides. See local/README for details. #include