Accepting request 230739 from security:apparmor

- update usr.sbin.winbindd profile (bnc#870607)
  - restrict rw access to /var/cache/krb5rcache/ instead /var/tmp/

- update usr.sbin.winbindd profile (bnc#870607)
  - treat passdb.tdb.tmp as passdb.tdb
  - allow rw access to /var/tmp/ (forwarded request 228512 from lmuelle)

OBS-URL: https://build.opensuse.org/request/show/230739
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=67

apparmor.changes

@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Tue Apr  1 16:06:24 UTC 2014 - lmuelle@suse.com
+
+- update usr.sbin.winbindd profile (bnc#870607)
+  - restrict rw access to /var/cache/krb5rcache/ instead /var/tmp/
+
+-------------------------------------------------------------------
+Fri Mar 28 14:24:19 UTC 2014 - lmuelle@suse.com
+
+- update usr.sbin.winbindd profile (bnc#870607)
+  - treat passdb.tdb.tmp as passdb.tdb
+  - allow rw access to /var/tmp/
+
 -------------------------------------------------------------------
 Thu Mar 20 19:58:47 UTC 2014 - opensuse@cboltz.de
 

usr.sbin.winbindd

@@ -11,7 +11,7 @@
   capability setuid,
 
   /etc/samba/dhcp.conf r,
-  /etc/samba/passdb.tdb rwk,
+  /etc/samba/passdb.tdb{,.tmp} rwk,
   /etc/samba/secrets.tdb rwk,
   /proc/sys/kernel/core_pattern r,
   /tmp/.winbindd/ w,
@@ -21,6 +21,7 @@
   /usr/lib*/samba/pdb/*.so mr,
   /usr/sbin/winbindd mr,
   /usr/share/samba/codepages/{lowcase,upcase,valid}.dat r,
+  /var/cache/krb5rcache/* rw,
   /var/cache/samba/*.tdb rwk,
   /var/cache/samba/netsamlogon_cache.tdb rw,