153645aade
- Add new rule to fix 'DENIED' open on /proc/{pid}/fd for
samba-bgqd; (bnc#1196850).
- Add new rule to allow reading of openssl.cnf; (bnc#1195463).
OBS-URL: https://build.opensuse.org/request/show/964827
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=317
20 lines
641 B
Diff
20 lines
641 B
Diff
Index: apparmor-3.0.4/profiles/apparmor.d/samba-bgqd
|
|
===================================================================
|
|
--- apparmor-3.0.4.orig/profiles/apparmor.d/samba-bgqd
|
|
+++ apparmor-3.0.4/profiles/apparmor.d/samba-bgqd
|
|
@@ -6,11 +6,14 @@ profile samba-bgqd /usr/lib*/samba/samba
|
|
include <abstractions/base>
|
|
include <abstractions/cups-client>
|
|
include <abstractions/nameservice>
|
|
+ include <abstractions/openssl>
|
|
include <abstractions/samba>
|
|
|
|
signal receive set=term peer=smbd,
|
|
|
|
@{PROC}/sys/kernel/core_pattern r,
|
|
+ owner @{PROC}/@{pid}/fd/ r,
|
|
+
|
|
@{run}/samba/samba-bgqd.pid wk,
|
|
|
|
/usr/lib*/samba/samba-bgqd m,
|