mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-02 15:25:27 +00:00
Code Issues Releases Wiki Activity

smbd profile needs capability sys_admin

Browse Source 
smbd stores ACLS in the security.NTACL namespace, which means it needs
capability sys_admin.

References: https://bugzilla.opensuse.org/show_bug.cgi?id=964971
            http://samba-technical.samba.narkive.com/eHtOW8DE/nt-acls-using-the-security-namespace-for-ntacl-considered-improper



Acked-by: Steve Beattie <steve@nxnw.org> for 2.10 and 2.9
(trunk got this and other changes via a merge request from Simon already)
This commit is contained in:
Christian Boltz
2016-04-13 23:22:07 +02:00
parent 5cb3fb29f6
commit d96b06e56d
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
profiles/apparmor.d/usr.sbin.smbd
View File

@@ -17,6 +17,7 @@
capability net_bind_service, capability net_bind_service,
capability setgid, capability setgid,
capability setuid, capability setuid,
capability sys_admin, # needed to store ACLS in the security.NTACL namespace
capability sys_resource, capability sys_resource,
capability sys_tty_config, capability sys_tty_config,