mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 22:35:35 +00:00
Code Issues Releases Wiki Activity

Update kerberosclient abstraction for access to authdata directory

Browse Source 
For example winbindd when configured on a samba system using
sssd can trigger

apparmor="DENIED" operation="file_mmap" profile="/usr/sbin/winbindd" name="/usr/lib64/krb5/plugins/authdata /sssd_pac_plugin.so" pid=2798 comm="winbindd" requested_mask="m" denied_mask="m" fsuid=52311 ouid=0

Signed-off-by: Noel Power <noel.power@suse.com>
(cherry picked from commit 6e94794c68)
This commit is contained in:
Noel Power
2023-03-03 11:42:17 +00:00
committed by Christian Boltz
parent 0e6b48cc78
commit d0e086e93a
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
profiles/apparmor.d/abstractions/kerberosclient
View File

@@ -22,6 +22,11 @@
/usr/lib/@{multiarch}/krb5/plugins/preauth/ r,
/usr/lib/@{multiarch}/krb5/plugins/preauth/* mr,
/usr/lib{,32,64}/krb5/plugins/authdata/ r,
/usr/lib{,32,64}/krb5/plugins/authdata/* mr,
/usr/lib/@{multiarch}/krb5/plugins/authdata/ r,
/usr/lib/@{multiarch}/krb5/plugins/authdata/* mr,
/etc/krb5.keytab rk,
/etc/krb5.conf r,
/etc/krb5.conf.d/ r,