Update nmbd profile and abstractions/samba

nmbd needs some additional permissions: - k for /var/cache/samba/lck/* (via abstractions/samba) - rw for /var/cache/samba/msg/ (the log only mentioned r, but that directory needs to be created first) - w for /var/cache/samba/msg/* (the log didn't indicate any read access) Reported by FLD on IRC, audit log on https://paste.debian.net/902010/ Acked-by: Steve Beattie <steve@nxnw.org> for trunk, 2.10 and 2.9
2025-09-05 08:45:22 +00:00 · 2016-12-13 22:16:45 +01:00
parent e11226e9b2
commit ccb9f412b4
2 changed files with 3 additions and 1 deletions
--- a/profiles/apparmor.d/abstractions/samba
+++ b/profiles/apparmor.d/abstractions/samba
@@ -14,7 +14,7 @@
  /usr/share/samba/*.dat r,
  /usr/share/samba/codepages/{lowcase,upcase,valid}.dat r,
  /var/cache/samba/ w,
-  /var/cache/samba/lck/* rw,
+  /var/cache/samba/lck/* rwk,
  /var/lib/samba/** rwk,
  /var/log/samba/cores/ rw,
  /var/log/samba/cores/** rw,
--- a/profiles/apparmor.d/usr.sbin.nmbd
+++ b/profiles/apparmor.d/usr.sbin.nmbd
@@ -20,6 +20,8 @@
  /var/{cache,lib}/samba/smb_tmp_krb5.* rw,
  /var/{cache,lib}/samba/sync.* rw,
  /var/{cache,lib}/samba/unexpected rw,
+  /var/cache/samba/msg/ rw,
+  /var/cache/samba/msg/* w,

  /{,var/}run/samba/** rwk,