diff --git a/apparmor.changes b/apparmor.changes index 702be02..b1cfe06 100644 --- a/apparmor.changes +++ b/apparmor.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Jun 25 19:40:41 UTC 2024 - Christian Boltz + +- add sampa-rpcd-witness.diff: allow samba-dcerpcd to execute + rpcd_witness (boo#1225811) + ------------------------------------------------------------------- Tue Jun 11 12:05:38 UTC 2024 - Christian Boltz diff --git a/apparmor.spec b/apparmor.spec index cad6739..a453ca6 100644 --- a/apparmor.spec +++ b/apparmor.spec @@ -107,6 +107,9 @@ Patch17: sddm-xauth.diff # utils MountRule: add support for quoted paths and empty source (master merged upstream 2024-06-11, 4.0 branch submitted upstream 2024-06-11 https://gitlab.com/apparmor/apparmor/-/merge_requests/1259) Patch18: logprof-mount-empty-source.diff +# samba-dcerpcd: allow to execute rpcd_witness (submitted upstream 2024-06-08 https://gitlab.com/apparmor/apparmor/-/merge_requests/1256, packaged patch adjusted to match the packaged samba-rpcd profile) +Patch19: sampa-rpcd-witness.diff + PreReq: sed BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: autoconf @@ -383,6 +386,7 @@ mv -v profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 profiles/apparmor/ %patch -P 16 -p1 %patch -P 17 -p1 %patch -P 18 -p1 +%patch -P 19 -p1 %build export SUSE_ASNEEDED=0 diff --git a/sampa-rpcd-witness.diff b/sampa-rpcd-witness.diff new file mode 100644 index 0000000..2f9aa4a --- /dev/null +++ b/sampa-rpcd-witness.diff @@ -0,0 +1,48 @@ +From https://gitlab.com/apparmor/apparmor/-/merge_requests/1256 +(adjusted to currently packaged samba-rpcd profile) + + +From 94ccd111deac35d7deadb07e66d25e045633e221 Mon Sep 17 00:00:00 2001 +From: Christian Boltz +Date: Sat, 8 Jun 2024 22:46:53 +0200 +Subject: [PATCH] samba-dcerpcd: allow to execute rpcd_witness + +... and extend the samba-rpcd profile to also include rpcd_witness. + +Patch by Noel Power + +Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1225811 +--- + profiles/apparmor.d/samba-dcerpcd | 2 +- + profiles/apparmor.d/samba-rpcd | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +Index: apparmor-v4.0.1/profiles/apparmor.d/samba-dcerpcd +=================================================================== +--- apparmor-v4.0.1.orig/profiles/apparmor.d/samba-dcerpcd 2024-04-12 05:59:30.000000000 +0200 ++++ apparmor-v4.0.1/profiles/apparmor.d/samba-dcerpcd 2024-06-25 21:49:49.017901846 +0200 +@@ -21,7 +21,7 @@ profile samba-dcerpcd /usr/lib*/samba/{, + /usr/lib*/samba/{,samba/}samba-dcerpcd mr, + + /usr/lib*/samba/ r, +- /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} Px -> samba-rpcd, ++ /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg,witness} Px -> samba-rpcd, + /usr/lib*/samba/{,samba/}rpcd_classic Px -> samba-rpcd-classic, + /usr/lib*/samba/{,samba/}rpcd_spoolss Px -> samba-rpcd-spoolss, + +Index: apparmor-v4.0.1/profiles/apparmor.d/samba-rpcd +=================================================================== +--- apparmor-v4.0.1.orig/profiles/apparmor.d/samba-rpcd 2024-04-12 05:59:30.000000000 +0200 ++++ apparmor-v4.0.1/profiles/apparmor.d/samba-rpcd 2024-06-25 21:49:49.017901846 +0200 +@@ -13,9 +13,9 @@ abi , + + include + +-profile samba-rpcd /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} { ++profile samba-rpcd /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg,witness} { + include +- /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} mr, ++ /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg,witness} mr, + + @{run}/samba/ncalrpc/np/winreg wr, +