Merge profiles/apparmor.d: Fix read access denied on /proc/*/fd bsc#1196850

- Fix "type=AVC msg=audit(1646702374.347:182): apparmor="DENIED" operation="open" profile="samba-bgqd" name="/proc/1933/fd/" pid=1933 comm="samba-bgqd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0" entries appearing in SLE15-SP4 Signed-off-by: Noel Power <noel.power@suse.com> MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/860 Merged-by: Christian Boltz <apparmor@cboltz.de> (cherry picked from commit e2319167d0) 6b83ba91 profiles/apparmor.d: Fix read access denied on /proc/*/fd bsc#1196850
2025-08-31 22:35:35 +00:00 · 2022-03-14 12:16:20 +00:00
parent ecf8abab98
commit f1c6defb4a
1 changed files with 2 additions and 0 deletions
--- a/profiles/apparmor.d/samba-bgqd
+++ b/profiles/apparmor.d/samba-bgqd
@@ -12,6 +12,8 @@ profile samba-bgqd /usr/lib*/samba/samba-bgqd {
  signal receive set=term peer=smbd,

  @{PROC}/sys/kernel/core_pattern r,
+  owner @{PROC}/@{pid}/fd/ r,
+
  @{run}/samba/samba-bgqd.pid wk,

  /usr/lib*/samba/samba-bgqd m,