pool/apparmor
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1152898 from home:npower:branches:security:apparmor

Browse Source 
- Add smbd-unix_chkpwd.diff to allow smbd to execute
  unix_chkpwd and fix other pam related denies; (boo#1220032).

OBS-URL: https://build.opensuse.org/request/show/1152898
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=398
This commit is contained in:
Christian Boltz 2024-02-29 20:44:35 +00:00 committed by Git OBS Bridge
parent 9041844394
commit 8cf3c6a617
3 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apparmor.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Tue Feb 27 14:26:58 UTC 2024 - Noel Power <nopower@suse.com>
- Add smbd-unix_chkpwd.diff to allow smbd to execute
unix_chkpwd and fix other pam related denies; (boo#1220032).
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Feb 26 17:25:58 UTC 2024 - Ludwig Nussel <lnussel@suse.com> Mon Feb 26 17:25:58 UTC 2024 - Ludwig Nussel <lnussel@suse.com>

5
apparmor.spec
View File

@ -98,6 +98,10 @@ Patch9: dovecot-unix_chkpwd.diff
# abstractions/openssl: allow version specific engdef & engines paths (boo#1219571) # abstractions/openssl: allow version specific engdef & engines paths (boo#1219571)
Patch10: apparmor-abstractions-openssl-allow-version-specific-en.patch Patch10: apparmor-abstractions-openssl-allow-version-specific-en.patch
# allow smbd to execute unix_chkpwd (boo#1220032)
# https://gitlab.com/apparmor/apparmor/-/merge_requests/1159
Patch11: smbd-unix_chkpwd.diff
PreReq: sed PreReq: sed
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: bison BuildRequires: bison
@ -367,6 +371,7 @@ mv -v profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 profiles/apparmor/
%endif %endif
%patch -P 9 -p1 %patch -P 9 -p1
%patch -P 10 -p1 %patch -P 10 -p1
%patch -P 11 -p1
%build %build
export SUSE_ASNEEDED=0 export SUSE_ASNEEDED=0

31
smbd-unix_chkpwd.diff Normal file
View File

@ -0,0 +1,31 @@
Index: apparmor-3.1.7/profiles/apparmor.d/usr.sbin.smbd
===================================================================
--- apparmor-3.1.7.orig/profiles/apparmor.d/usr.sbin.smbd
+++ apparmor-3.1.7/profiles/apparmor.d/usr.sbin.smbd
@@ -33,6 +33,9 @@ profile smbd /usr/{bin,sbin}/smbd {
/etc/samba/* rwk,
@{PROC}/@{pid}/mounts r,
@{PROC}/sys/kernel/core_pattern r,
+ /usr/etc/environment r,
+ /usr/etc/security/limits.d/ r,
+ /usr/etc/security/limits.d/*.conf r,
/usr/lib*/samba/vfs/*.so mr,
/usr/lib*/samba/auth/*.so mr,
/usr/lib*/samba/charset/*.so mr,
@@ -47,6 +50,7 @@ profile smbd /usr/{bin,sbin}/smbd {
/usr/share/samba/** r,
/usr/{bin,sbin}/smbd mr,
/usr/{bin,sbin}/smbldap-useradd Px,
+ /usr/sbin/unix_chkpwd Px,
/var/cache/samba/** rwk,
/var/{cache,lib}/samba/printing/printers.tdb mrw,
/var/lib/nscd/netgroup r,
@@ -59,6 +63,8 @@ profile smbd /usr/{bin,sbin}/smbd {
@{run}/samba/ncalrpc/** rw,
/var/spool/samba/** rw,
+ owner /proc/@{pid}/loginuid r,
+
@{HOMEDIRS}/** lrwk,
/var/lib/samba/usershares/{,**} lrwk,