From 6b83ba91c1ce73d202257b486d40dde806a99a11 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power@suse.com>
Date: Wed, 9 Mar 2022 16:52:40 +0000
Subject: [PATCH] profiles/apparmor.d: Fix read access denied on /proc/*/fd
 bsc#1196850

- Fix "type=AVC msg=audit(1646702374.347:182): apparmor="DENIED"
       operation="open" profile="samba-bgqd" name="/proc/1933/fd/"
       pid=1933 comm="samba-bgqd" requested_mask="r" denied_mask="r"
       fsuid=0 ouid=0"

entries appearing in SLE15-SP4

Signed-off-by: Noel Power <noel.power@suse.com>
---
 profiles/apparmor.d/samba-bgqd | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/profiles/apparmor.d/samba-bgqd b/profiles/apparmor.d/samba-bgqd
index 7de33d94b..bfc3e9018 100644
--- a/profiles/apparmor.d/samba-bgqd
+++ b/profiles/apparmor.d/samba-bgqd
@@ -11,6 +11,8 @@ profile samba-bgqd /usr/lib*/samba/samba-bgqd {
   signal receive set=term peer=smbd,
 
   @{PROC}/sys/kernel/core_pattern r,
+  owner @{PROC}/@{pid}/fd/ r,
+
   @{run}/samba/samba-bgqd.pid wk,
 
   /usr/lib*/samba/samba-bgqd m,