c958d9cad3
- Update to AppArmor 2.7.2 (= 2.7 branch / r1894)
- move various permissions from httpd2-prefork profile to
abstractions/apache2-common. Backward-incompatible change: *.htaccess
files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT
- allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5)
- allow various .conf files for dovecot (lp#458922)
- disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files
and abstractions/private-files-strict (lp#911847)
- update abstractions/kde, private-files* and ubuntu-browsers.d/user-files
to use ~/.kde4, not only ~/.kde (bnc#741592)
- block write access to ~/.kde{,4}/env in abstractions/private-files
(lp#914190)
- allow write access for personal dictionary etc. in abstractions/aspell
(lp#917859)
- when using genprof for a script, include read access to the script itsself
- automatically include abstractions/python or abstractions/ruby for
python/ruby scripts
- add profile for smbldap-useradd and allow smbd to call it (bnc#738041)
- allow creation of the .config directory in abstractions/enchant (lp#914184)
- allow TFTP read-only access in dnsmasq profile (lp#905412)
- allow capability dac_read_search for syslog-ng (bnc#731876)
- add p11-kit abstraction and include it in abstractions/authentification
(lp#912754, lp#912752)
- add audacity to abstractions/ubuntu-media-players (lp#899963)
- allow software-center, fireclam plugin, [tT]unar, exo-open, kate and
/dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831,
lp#890894, lp#890894, lp#884748)
- fix typo for multiarch gconf-modules in abstractions/base (lp#904548)
- allow avahi to do dbus introspection (lp#769148)
- allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992)
- allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062)
- allow reading ~/.cups/client.conf and ~/.cups/lpoptions in
abstractions/cups-client (lp#887992)
- allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in
abstractions/python (lp#860856)
- various updates to the sshd profile (lp#817956)
- (and some more changes I already included in the apparmor-2.7-branch.diff)
OBS-URL: https://build.opensuse.org/request/show/102458
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=32
35 lines
1.2 KiB
Diff
35 lines
1.2 KiB
Diff
Samba generates a profile sniplet with permissions for all shares at
|
|
start using the update-apparmor-samba-profile script.
|
|
|
|
This patch includes the autogenerated profile sniplet it in the smbd
|
|
profile. It also creates a dummy profile sniplet to avoid "file not
|
|
found" errors when AppArmor is started before samba was started.
|
|
|
|
References: https://bugzilla.novell.com/show_bug.cgi?id=688040
|
|
|
|
|
|
Signed-off-by: Christian Boltz <apparmor@cboltz.de>
|
|
|
|
=== added file 'profiles/apparmor.d/local/usr.sbin.smbd-shares'
|
|
--- profiles/apparmor.d/local/usr.sbin.smbd-shares 1970-01-01 00:00:00 +0000
|
|
+++ profiles/apparmor.d/local/usr.sbin.smbd-shares 2011-10-19 09:40:05 +0000
|
|
@@ -0,0 +1,2 @@
|
|
+# This file will be replaced by rules for all samba shares at samba start.
|
|
+# Do not edit!
|
|
|
|
=== modified file 'profiles/apparmor.d/usr.sbin.smbd'
|
|
--- profiles/apparmor.d/usr.sbin.smbd 2011-08-27 18:50:42 +0000
|
|
+++ profiles/apparmor.d/usr.sbin.smbd 2011-10-19 09:37:04 +0000
|
|
@@ -46,6 +46,10 @@
|
|
|
|
@{HOMEDIRS}/** lrwk,
|
|
|
|
+ # permissions for all configured shares
|
|
+ # autogenerated by update-apparmor-samba-profile at samba start
|
|
+ #include <local/usr.sbin.smbd-shares>
|
|
+
|
|
# Site-specific additions and overrides. See local/README for details.
|
|
#include <local/usr.sbin.smbd>
|
|
}
|
|
|