c04137f806
- Add samba-new-dcerpcd.patch, samba-4.16 has a new dcerpcd daemon which now will spawn new additional services on demand. We need to modify the existing smbd/winbind profiles and additionally add a new set of profiles to cater for the new functionality; (bnc#1198309); - Add samba_deny_net_admin.patch to add new rule to deny noisy setsockopt calls from systemd; (bnc#1196850). OBS-URL: https://build.opensuse.org/request/show/970229 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=324
13 lines
482 B
Diff
13 lines
482 B
Diff
Index: apparmor-3.0.4/profiles/apparmor.d/abstractions/samba
|
|
===================================================================
|
|
--- apparmor-3.0.4.orig/profiles/apparmor.d/abstractions/samba
|
|
+++ apparmor-3.0.4/profiles/apparmor.d/abstractions/samba
|
|
@@ -34,5 +34,7 @@
|
|
# required for clustering
|
|
/var/lib/ctdb/** rwk,
|
|
|
|
+ deny capability net_admin, # noisy setsockopt() calls from systemd
|
|
+
|
|
# Include additions to the abstraction
|
|
include if exists <abstractions/samba.d>
|