77fc31b80c
- add fix-samba-profiles.patch - smbd loads new shared libraries. Allow winbindd to access new kerberos credential cache location (boo#1092099) OBS-URL: https://build.opensuse.org/request/show/605463 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=215
26 lines
973 B
Diff
26 lines
973 B
Diff
diff --git a/profiles/apparmor.d/usr.sbin.smbd b/profiles/apparmor.d/usr.sbin.smbd
|
|
index 8f54e9c0..cbd03bad 100644
|
|
--- a/profiles/apparmor.d/usr.sbin.smbd
|
|
+++ b/profiles/apparmor.d/usr.sbin.smbd
|
|
@@ -32,6 +32,8 @@
|
|
/usr/lib*/samba/charset/*.so mr,
|
|
/usr/lib*/samba/auth/script.so mr,
|
|
/usr/lib*/samba/pdb/*.so mr,
|
|
+ /usr/lib*/samba/auth/*.so mr,
|
|
+ /usr/lib*/samba/gensec/*.so mr,
|
|
/usr/lib*/samba/{lowcase,upcase,valid}.dat r,
|
|
/usr/lib/@{multiarch}/samba/*.so{,.[0-9]*} mr,
|
|
/usr/lib/@{multiarch}/samba/**/ r,
|
|
diff --git a/profiles/apparmor.d/usr.sbin.winbindd b/profiles/apparmor.d/usr.sbin.winbindd
|
|
index f5f8cc08..5a906c0e 100644
|
|
--- a/profiles/apparmor.d/usr.sbin.winbindd
|
|
+++ b/profiles/apparmor.d/usr.sbin.winbindd
|
|
@@ -20,6 +20,7 @@
|
|
@{PROC}/sys/kernel/core_pattern r,
|
|
/tmp/.winbindd/ w,
|
|
/tmp/krb5cc_* rwk,
|
|
+ /run/user/*/krb5cc/* rwk,
|
|
/usr/lib*/samba/gensec/krb*.so mr,
|
|
/usr/lib*/samba/idmap/*.so mr,
|
|
/usr/lib*/samba/nss_info/*.so mr,
|