diff --git a/profiles/apparmor.d/abstractions/samba b/profiles/apparmor.d/abstractions/samba index b5e167064..e41e7d1ac 100644 --- a/profiles/apparmor.d/abstractions/samba +++ b/profiles/apparmor.d/abstractions/samba @@ -28,6 +28,7 @@ @{run}/{,lock/}samba/*.tdb rwk, @{run}/{,lock/}samba/msg.{lock,sock}/ rwk, @{run}/{,lock/}samba/msg.{lock,sock}/[0-9]* rwk, + /var/cache/samba/*.tdb rwk, /var/cache/samba/msg.lock/ rwk, /var/cache/samba/msg.lock/[0-9]* rwk, diff --git a/profiles/apparmor.d/samba-bgqd b/profiles/apparmor.d/samba-bgqd index c205c2614..a63021328 100644 --- a/profiles/apparmor.d/samba-bgqd +++ b/profiles/apparmor.d/samba-bgqd @@ -14,7 +14,7 @@ profile samba-bgqd /usr/lib*/samba/{,samba/}samba-bgqd { @{PROC}/sys/kernel/core_pattern r, owner @{PROC}/@{pid}/fd/ r, - @{run}/samba/samba-bgqd.pid wk, + @{run}/{,samba/}samba-bgqd.pid rwk, /usr/lib*/samba/{,samba/}samba-bgqd mr, /var/cache/samba/printing/*.tdb rwk, diff --git a/profiles/apparmor.d/samba-dcerpcd b/profiles/apparmor.d/samba-dcerpcd index c186441ee..12ea0f557 100644 --- a/profiles/apparmor.d/samba-dcerpcd +++ b/profiles/apparmor.d/samba-dcerpcd @@ -16,7 +16,7 @@ include profile samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd { include - @{run}/samba/samba-dcerpcd.pid wk, + @{run}/{,samba/}samba-dcerpcd.pid rwk, /usr/lib*/samba/{,samba/}samba-dcerpcd mr, diff --git a/profiles/apparmor.d/samba-rpcd-spoolss b/profiles/apparmor.d/samba-rpcd-spoolss index a86873dd3..904fa0196 100644 --- a/profiles/apparmor.d/samba-rpcd-spoolss +++ b/profiles/apparmor.d/samba-rpcd-spoolss @@ -20,7 +20,7 @@ profile samba-rpcd-spoolss /usr/lib*/samba/{,samba/}rpcd_spoolss { /usr/lib*/samba/{,samba/}samba-bgqd Px -> samba-bgqd, /var/cache/samba/printing/ w, /var/cache/samba/printing/*.tdb rwk, - @{run}/samba/samba-bgqd.pid rk, + @{run}/{,samba/}samba-bgqd.pid rk, /dev/urandom rw, diff --git a/profiles/apparmor.d/usr.sbin.smbd b/profiles/apparmor.d/usr.sbin.smbd index 521387934..c4e6d70c7 100644 --- a/profiles/apparmor.d/usr.sbin.smbd +++ b/profiles/apparmor.d/usr.sbin.smbd @@ -53,11 +53,10 @@ profile smbd /usr/{bin,sbin}/smbd { /var/lib/samba/** rwk, /var/lib/sss/pubconf/kdcinfo.* r, @{run}/dbus/system_bus_socket rw, - @{run}/smbd.pid rwk, + @{run}/{,samba/}smbd.pid rwk, @{run}/samba/** rk, @{run}/samba/ncalrpc/ rw, @{run}/samba/ncalrpc/** rw, - @{run}/samba/smbd.pid rw, /var/spool/samba/** rw, @{HOMEDIRS}/** lrwk,