Accepting request 976576 from home:npower:branches:security:apparmor

- Update samba-new-dcerpcd.patch for aarch64 which needs some
  additional rules; (bnc#1198309).

OBS-URL: https://build.opensuse.org/request/show/976576
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=334

apparmor.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed May 11 14:41:17 UTC 2022 - Noel Power <nopower@suse.com>
+
+- Update samba-new-dcerpcd.patch for aarch64 which needs some
+  additional rules; (bnc#1198309).
+
 -------------------------------------------------------------------
 Sun May  8 13:25:28 UTC 2022 - Ben Greiner <code@bnavigator.de>
 

apparmor.spec

@@ -97,6 +97,7 @@ Patch10:        samba_deny_net_admin.patch
 
 # support for new dcerpcd subsytem in >= samba-4.16
 # merged upstream 2022-04-15 3.0+master https://gitlab.com/apparmor/apparmor/-/merge_requests/871
+# merged upstream 2022-05-11 3.0+master https://gitlab.com/apparmor/apparmor/-/merge_requests/880
 # bsc#1198309
 Patch11:        samba-new-dcerpcd.patch
 

samba-new-dcerpcd.patch

@@ -26,7 +26,7 @@ Index: apparmor-3.0.4/profiles/apparmor.d/samba-dcerpcd
 ===================================================================
 --- /dev/null
 +++ apparmor-3.0.4/profiles/apparmor.d/samba-dcerpcd
-@@ -0,0 +1,29 @@
+@@ -0,0 +1,31 @@
 +# ------------------------------------------------------------------
 +#
 +#    Copyright (C) 2022 SUSE LLC
@@ -47,6 +47,8 @@ Index: apparmor-3.0.4/profiles/apparmor.d/samba-dcerpcd
 +
 +  @{run}/samba/samba-dcerpcd.pid wk,
 +
++  /usr/lib*/samba/samba-dcerpcd m,
++
 +  /usr/lib*/samba/rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} Px -> samba-rpcd,
 +  /usr/lib*/samba/rpcd_classic Px -> samba-rpcd-classic,
 +  /usr/lib*/samba/rpcd_spoolss Px -> samba-rpcd-spoolss,
@@ -95,7 +97,7 @@ Index: apparmor-3.0.4/profiles/apparmor.d/samba-rpcd
 ===================================================================
 --- /dev/null
 +++ apparmor-3.0.4/profiles/apparmor.d/samba-rpcd
-@@ -0,0 +1,20 @@
+@@ -0,0 +1,21 @@
 +# ------------------------------------------------------------------
 +#
 +#    Copyright (C) 2022 SUSE LLC
@@ -113,6 +115,7 @@ Index: apparmor-3.0.4/profiles/apparmor.d/samba-rpcd
 +
 +profile samba-rpcd /usr/lib*/samba/rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} {
 +  include <abstractions/samba-rpcd>
++  /usr/lib*/samba/rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} m,
 +  # Site-specific additions and overrides. See local/README for details.
 +  include if exists <local/samba-rpcd>
 +}
@@ -120,7 +123,7 @@ Index: apparmor-3.0.4/profiles/apparmor.d/samba-rpcd-classic
 ===================================================================
 --- /dev/null
 +++ apparmor-3.0.4/profiles/apparmor.d/samba-rpcd-classic
-@@ -0,0 +1,22 @@
+@@ -0,0 +1,24 @@
 +# ------------------------------------------------------------------
 +#
 +#    Copyright (C) 2022 SUSE LLC
@@ -140,6 +143,8 @@ Index: apparmor-3.0.4/profiles/apparmor.d/samba-rpcd-classic
 +  include <abstractions/samba-rpcd>
 +  include <abstractions/wutmp>
 +
++  /usr/lib*/samba/rpcd_classic m,
++
 +  # Site-specific additions and overrides. See local/README for details.
 +  include if exists <local/samba-rpcd-classic>
 +}
@@ -147,7 +152,7 @@ Index: apparmor-3.0.4/profiles/apparmor.d/samba-rpcd-spoolss
 ===================================================================
 --- /dev/null
 +++ apparmor-3.0.4/profiles/apparmor.d/samba-rpcd-spoolss
-@@ -0,0 +1,23 @@
+@@ -0,0 +1,24 @@
 +# ------------------------------------------------------------------
 +#
 +#    Copyright (C) 2022 SUSE LLC
@@ -166,6 +171,7 @@ Index: apparmor-3.0.4/profiles/apparmor.d/samba-rpcd-spoolss
 +profile samba-rpcd-spoolss /usr/lib*/samba/rpcd_spoolss {
 +  include <abstractions/samba-rpcd>
 +
++  /usr/lib*/samba/rpcd_spoolss m,
 +  /usr/lib*/samba/samba-bgqd Px -> samba-bgqd,
 +
 +  # Site-specific additions and overrides. See local/README for details.