commit 85e53a5d040cdf3f7705da9e625b85041694aa4c Author: Christian Boltz Date: Fri Oct 15 22:02:36 2021 +0200 Add profile for samba-bgqd ... and some rules in the smbd profile to execute it and send it a term signal. samba-bgqd is (quoting its manpage) "an internal helper program performing asynchronous printing-related jobs." samba-bgqd was added in Samba 4.15. Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1191532
Index: apparmor-3.0.3/profiles/apparmor.d/samba-bgqd
===================================================================
--- /dev/null
+++ apparmor-3.0.3/profiles/apparmor.d/samba-bgqd
@@ -0,0 +1,20 @@
+abi ,
+
+include
+
+profile samba-bgqd /usr/lib*/samba/samba-bgqd {
+ include
+ include
+ include
+ include
+
+ signal receive set=term peer=smbd,
+
+ @{PROC}/sys/kernel/core_pattern r,
+ @{run}/samba/samba-bgqd.pid wk,
+
+ /usr/lib*/samba/samba-bgqd m,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists
+}
Index: apparmor-3.0.3/profiles/apparmor.d/usr.sbin.smbd
===================================================================
--- apparmor-3.0.3.orig/profiles/apparmor.d/usr.sbin.smbd
+++ apparmor-3.0.3/profiles/apparmor.d/usr.sbin.smbd
@@ -24,6 +24,8 @@ profile smbd /usr/{bin,sbin}/smbd {
 capability sys_resource,
 capability sys_tty_config,
 
+ signal send set=term peer=samba-bgqd,
+
 /etc/mtab r,
 /etc/netgroup r,
 /etc/printcap r,
@@ -35,6 +37,7 @@ profile smbd /usr/{bin,sbin}/smbd {
 /usr/lib*/samba/charset/*.so mr,
 /usr/lib*/samba/gensec/*.so mr,
 /usr/lib*/samba/pdb/*.so mr,
+ /usr/lib*/samba/samba-bgqd Px -> samba-bgqd,
 /usr/lib*/samba/{lowcase,upcase,valid}.dat r,
 /usr/lib/@{multiarch}/samba/*.so{,.[0-9]*} mr,
 /usr/lib/@{multiarch}/samba/**/ r,
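Review bot: The attachment `/usr/lib*/samba/samba-bgqd` and the `m` rule in the new samba-bgqd profile, and likewise the `Px` rule added in the second usr.sbin.smbd hunk, only match a helper installed directly under `/usr/lib*/samba/`, because `*` does not cross a `/`. The smbd context lines already carry separate `/usr/lib/@{multiarch}/samba/...` rules, so on a layout that places the helper there smbd's exec would presumably be denied and the helper would never enter this profile. If such layouts are meant to be supported, add `/usr/lib/@{multiarch}/samba/samba-bgqd Px -> samba-bgqd,` to smbd and the matching path to the attachment and the `m` rule here.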
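Review bot: The `Px -> samba-bgqd` rule in the second usr.sbin.smbd hunk has no comment saying that it fails closed. With a named `Px` target the exec is refused when the samba-bgqd profile is not loaded, and there is no inherit or unconfined fallback. That is the safer choice for a helper started by a network-facing daemon, but an admin who disables only the new profile would see an exec denial rather than the helper running under smbd's rules. I would add `# samba-bgqd must run under its own profile; exec is denied if that profile is not loaded` above the rule. The same pairing applies to `signal send set=term peer=samba-bgqd,` in the first hunk, which matches only while the helper carries that label.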