From 66d51b575d068f072b36e69fda384a4911a67079 Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Sat, 27 Aug 2011 01:52:27 +0200 Subject: [PATCH] From: Jeff Mahoney Subject: apparmor-profiles: Add samba config files References: bnc#679182 bnc#666450 Signed-off-by: Jeff Mahoney - updated to match trunk - added changed path to nmbd profile (/var/cache/samba has moved to /var/lib/samba on (at least) openSUSE 11.4), bnc#679182#c8 For backward compability, it also allows /var/spool/samba. - Note: The smbd profile already contains both locations. by Christian Boltz updated according to the comments from Steve Beattie by Christian Boltz Acked-By: Steve Beattie --- profiles/apparmor.d/abstractions/samba | 4 ++-- profiles/apparmor.d/usr.sbin.nmbd | 9 +++------ profiles/apparmor.d/usr.sbin.smbd | 1 + 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/profiles/apparmor.d/abstractions/samba b/profiles/apparmor.d/abstractions/samba index c695441e5..dd0d8af93 100644 --- a/profiles/apparmor.d/abstractions/samba +++ b/profiles/apparmor.d/abstractions/samba @@ -9,11 +9,11 @@ # # ------------------------------------------------------------------ - /etc/samba/smb.conf r, + /etc/samba/* r, /usr/share/samba/*.dat r, /var/lib/samba/**.tdb rwk, /var/log/samba/cores/ rw, - /var/log/samba/cores/* w, + /var/log/samba/cores/** rw, /var/log/samba/log.* w, /{,var/}run/samba/*.tdb rw, diff --git a/profiles/apparmor.d/usr.sbin.nmbd b/profiles/apparmor.d/usr.sbin.nmbd index c662de2df..4d619fd41 100644 --- a/profiles/apparmor.d/usr.sbin.nmbd +++ b/profiles/apparmor.d/usr.sbin.nmbd @@ -8,12 +8,9 @@ capability net_bind_service, /usr/sbin/nmbd mr, - /var/cache/samba/browse.dat* rw, - /var/lib/samba/wins.dat* rw, - /{,var/}run/samba/** rk, - /{,var/}run/samba/nmbd.pid rw, - /var/log/samba/cores/nmbd/ rw, - /var/log/samba/cores/nmbd/** rw, + /var/{cache,lib}/samba/browse.dat* rw, + /var/{cache,lib}/samba/wins.dat* rw, + /{,var/}run/samba/** rwk, # Site-specific additions and overrides. See local/README for details. #include diff --git a/profiles/apparmor.d/usr.sbin.smbd b/profiles/apparmor.d/usr.sbin.smbd index 5a3611a4b..ed5118f66 100644 --- a/profiles/apparmor.d/usr.sbin.smbd +++ b/profiles/apparmor.d/usr.sbin.smbd @@ -24,6 +24,7 @@ /etc/printcap r, /proc/*/mounts r, /usr/sbin/smbd mr, + /etc/samba/* rwk, /var/cache/samba/** rwk, /var/cache/samba/printing/printers.tdb mrw, /var/lib/samba/** rwk,