profiles/apparmor.d: Fix read access denied on /proc/*/fd bsc#1196850

- Fix "type=AVC msg=audit(1646702374.347:182): apparmor="DENIED" operation="open" profile="samba-bgqd" name="/proc/1933/fd/" pid=1933 comm="samba-bgqd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0" entries appearing in SLE15-SP4 Signed-off-by: Noel Power <noel.power@suse.com>
2025-08-31 22:35:35 +00:00 · 2022-03-09 16:52:40 +00:00
parent bd78b6b292
commit 6b83ba91c1
1 changed files with 2 additions and 0 deletions
--- a/profiles/apparmor.d/samba-bgqd
+++ b/profiles/apparmor.d/samba-bgqd
@@ -11,6 +11,8 @@ profile samba-bgqd /usr/lib*/samba/samba-bgqd {
  signal receive set=term peer=smbd,

  @{PROC}/sys/kernel/core_pattern r,
+  owner @{PROC}/@{pid}/fd/ r,
+
  @{run}/samba/samba-bgqd.pid wk,

  /usr/lib*/samba/samba-bgqd m,