diff --git a/profiles/apparmor.d/samba-dcerpcd b/profiles/apparmor.d/samba-dcerpcd index 12ea0f557..b7944434d 100644 --- a/profiles/apparmor.d/samba-dcerpcd +++ b/profiles/apparmor.d/samba-dcerpcd @@ -16,6 +16,8 @@ include profile samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd { include + capability sys_resource, + @{run}/{,samba/}samba-dcerpcd.pid rwk, /usr/lib*/samba/{,samba/}samba-dcerpcd mr, diff --git a/profiles/apparmor.d/samba-rpcd b/profiles/apparmor.d/samba-rpcd index 76bc3662a..c5f2eae9e 100644 --- a/profiles/apparmor.d/samba-rpcd +++ b/profiles/apparmor.d/samba-rpcd @@ -15,8 +15,13 @@ include profile samba-rpcd /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} { include + + capability sys_resource, + /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} mr, + @{run}/samba/ncalrpc/np/lsarpc wr, + @{run}/samba/ncalrpc/np/mdssvc wr, @{run}/samba/ncalrpc/np/winreg wr, # Site-specific additions and overrides. See local/README for details. diff --git a/profiles/apparmor.d/samba-rpcd-classic b/profiles/apparmor.d/samba-rpcd-classic index e0ef6c1a0..93194d3ec 100644 --- a/profiles/apparmor.d/samba-rpcd-classic +++ b/profiles/apparmor.d/samba-rpcd-classic @@ -17,8 +17,16 @@ profile samba-rpcd-classic /usr/lib*/samba/{,samba/}rpcd_classic { include include + capability sys_resource, + /usr/lib*/samba/{,samba/}rpcd_classic mr, + @{run}/samba/ncalrpc/np/srvsvc wr, + @{run}/samba/ncalrpc/np/winreg wr, + /dev/urandom rw, + + /usr/lib*/samba/{,samba/}samba-dcerpcd Px -> samba-dcerpcd, + @{HOMEDIRS}/** lrwk, # Site-specific additions and overrides. See local/README for details. diff --git a/profiles/apparmor.d/usr.sbin.nmbd b/profiles/apparmor.d/usr.sbin.nmbd index 41b4ad2e7..bdf8a7c5c 100644 --- a/profiles/apparmor.d/usr.sbin.nmbd +++ b/profiles/apparmor.d/usr.sbin.nmbd @@ -8,6 +8,7 @@ profile nmbd /usr/{bin,sbin}/nmbd { include capability net_bind_service, + capability sys_resource, @{PROC}/sys/kernel/core_pattern r,