diff --git a/profiles/apparmor.d/abstractions/samba b/profiles/apparmor.d/abstractions/samba
index b5e167064..e41e7d1ac 100644
--- a/profiles/apparmor.d/abstractions/samba
+++ b/profiles/apparmor.d/abstractions/samba
@@ -28,6 +28,7 @@
 @{run}/{,lock/}samba/*.tdb rwk,
 @{run}/{,lock/}samba/msg.{lock,sock}/ rwk,
 @{run}/{,lock/}samba/msg.{lock,sock}/[0-9]* rwk,
+ /var/cache/samba/*.tdb rwk,
 /var/cache/samba/msg.lock/ rwk,
 /var/cache/samba/msg.lock/[0-9]* rwk,
diff --git a/profiles/apparmor.d/samba-bgqd b/profiles/apparmor.d/samba-bgqd
index c205c2614..a63021328 100644
--- a/profiles/apparmor.d/samba-bgqd
+++ b/profiles/apparmor.d/samba-bgqd
@@ -14,7 +14,7 @@ profile samba-bgqd /usr/lib*/samba/{,samba/}samba-bgqd {
 @{PROC}/sys/kernel/core_pattern r,
 owner @{PROC}/@{pid}/fd/ r,
- @{run}/samba/samba-bgqd.pid wk,
+ @{run}/{,samba/}samba-bgqd.pid rwk,
 /usr/lib*/samba/{,samba/}samba-bgqd mr,
 /var/cache/samba/printing/*.tdb rwk,
diff --git a/profiles/apparmor.d/samba-dcerpcd b/profiles/apparmor.d/samba-dcerpcd
index c186441ee..12ea0f557 100644
--- a/profiles/apparmor.d/samba-dcerpcd
+++ b/profiles/apparmor.d/samba-dcerpcd
@@ -16,7 +16,7 @@ include
 profile samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {
 include
- @{run}/samba/samba-dcerpcd.pid wk,
+ @{run}/{,samba/}samba-dcerpcd.pid rwk,
 /usr/lib*/samba/{,samba/}samba-dcerpcd mr,
diff --git a/profiles/apparmor.d/samba-rpcd-spoolss b/profiles/apparmor.d/samba-rpcd-spoolss
index a86873dd3..904fa0196 100644
--- a/profiles/apparmor.d/samba-rpcd-spoolss
+++ b/profiles/apparmor.d/samba-rpcd-spoolss
@@ -20,7 +20,7 @@ profile samba-rpcd-spoolss /usr/lib*/samba/{,samba/}rpcd_spoolss {
 /usr/lib*/samba/{,samba/}samba-bgqd Px -> samba-bgqd,
 /var/cache/samba/printing/ w,
 /var/cache/samba/printing/*.tdb rwk,
- @{run}/samba/samba-bgqd.pid rk,
+ @{run}/{,samba/}samba-bgqd.pid rk,
 /dev/urandom rw,
diff --git a/profiles/apparmor.d/usr.sbin.nmbd b/profiles/apparmor.d/usr.sbin.nmbd
index 1c8c1a9e9..41b4ad2e7 100644
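Review bot: The added `/var/cache/samba/*.tdb rwk,` rule in abstractions/samba grants read, write and lock on every tdb in the cache directory to each profile that pulls in this abstraction, which is broader than the three named files (`gencache.tdb`, `gencache_notrans.tdb`, `names.tdb`) that the nmbd hunk removes. Which profiles include the abstraction is not visible in this diff, so it is worth confirming that the helper profiles really need the whole glob rather than a narrower alternation. At minimum a comment above the rule would record the intent, for example `# cache tdbs shared by all Samba daemons; previously granted per profile in nmbd and winbindd`.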
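Review bot: The pidfile rule in samba-bgqd changes mode from `wk` to `rwk` in the same edit that adds the `@{run}/samba-bgqd.pid` location, and the samba-dcerpcd hunk does the same for its pidfile, so a permission widening is folded into what reads as a path fix. Read access to a daemon's own pidfile is low risk, but the reason should be recorded, e.g. a trailing comment such as `# pidfile location depends on build; read back on startup` if that is indeed why it is needed. As a style point, the alternation is written `{,samba/}` here while the existing winbindd rule uses `{samba/,}`; using one form across the profiles makes the pidfile rules easier to grep and audit.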
--- a/profiles/apparmor.d/usr.sbin.nmbd
+++ b/profiles/apparmor.d/usr.sbin.nmbd
@@ -13,9 +13,6 @@ profile nmbd /usr/{bin,sbin}/nmbd {
 /usr/{bin,sbin}/nmbd mr,
- /var/cache/samba/gencache.tdb rwk,
- /var/cache/samba/gencache_notrans.tdb rwk,
- /var/cache/samba/names.tdb rwk,
 /var/{cache,lib}/samba/browse.dat* rw,
 /var/{cache,lib}/samba/gencache.dat rw,
 /var/{cache,lib}/samba/wins.dat* rw,
diff --git a/profiles/apparmor.d/usr.sbin.smbd b/profiles/apparmor.d/usr.sbin.smbd
index 521387934..c4e6d70c7 100644
--- a/profiles/apparmor.d/usr.sbin.smbd
+++ b/profiles/apparmor.d/usr.sbin.smbd
@@ -53,11 +53,10 @@ profile smbd /usr/{bin,sbin}/smbd {
 /var/lib/samba/** rwk,
 /var/lib/sss/pubconf/kdcinfo.* r,
 @{run}/dbus/system_bus_socket rw,
- @{run}/smbd.pid rwk,
+ @{run}/{,samba/}smbd.pid rwk,
 @{run}/samba/** rk,
 @{run}/samba/ncalrpc/ rw,
 @{run}/samba/ncalrpc/** rw,
- @{run}/samba/smbd.pid rw,
 /var/spool/samba/** rw,
 @{HOMEDIRS}/** lrwk,
diff --git a/profiles/apparmor.d/usr.sbin.winbindd b/profiles/apparmor.d/usr.sbin.winbindd
index adc3a010d..2c7822b7b 100644
--- a/profiles/apparmor.d/usr.sbin.winbindd
+++ b/profiles/apparmor.d/usr.sbin.winbindd
@@ -29,7 +29,6 @@ profile winbindd /usr/{bin,sbin}/winbindd {
 /usr/lib*/samba/{,samba/}samba-dcerpcd Px -> samba-dcerpcd,
 /usr/{bin,sbin}/winbindd mr,
 /var/cache/krb5rcache/* rwk,
- /var/cache/samba/*.tdb rwk,
 /var/log/samba/log.winbindd rw,
 @{run}/{samba/,}winbindd.pid rwk,
 @{run}/samba/winbindd/ rw,