mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-01 06:45:38 +00:00
Code Issues Releases Wiki Activity

Update usr.sbin.winbindd profile to allow krb5 rcache files locking

Browse Source 
Samba 4.12.0 together with krb5 1.18 needs file locking permissions in
the krb5 rache directory:

type=AVC msg=audit(1584708328.422:76): apparmor="DENIED" operation="file_lock"
  profile="winbindd" name="/var/cache/krb5rcache/krb5_20500.rcache2"
  pid=1461 comm="winbindd" requested_mask="k" denied_mask="k"
  fsuid=20500 ouid=20500

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
This commit is contained in:
Samuel Cabrero
2020-03-20 13:57:18 +01:00
parent 02cfbc8b96
commit 2c3001c7a1
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
profiles/apparmor.d/usr.sbin.winbindd
View File

@@ -25,7 +25,7 @@ profile winbindd /usr/{bin,sbin}/winbindd {
/usr/lib*/samba/nss_info/*.so mr,
/usr/lib*/samba/pdb/*.so mr,
/usr/{bin,sbin}/winbindd mr,
/var/cache/krb5rcache/* rw,
/var/cache/krb5rcache/* rwk,
/var/cache/samba/*.tdb rwk,
/var/log/samba/log.winbindd rw,
@{run}/{samba/,}winbindd.pid rwk,