From f1c6defb4a81373a80d2bc342a6ce5cf7aa62864 Mon Sep 17 00:00:00 2001
From: Christian Boltz <apparmor@cboltz.de>
Date: Mon, 14 Mar 2022 12:16:20 +0000
Subject: [PATCH] Merge profiles/apparmor.d: Fix read access denied on
 /proc/*/fd bsc#1196850

- Fix "type=AVC msg=audit(1646702374.347:182): apparmor="DENIED"
       operation="open" profile="samba-bgqd" name="/proc/1933/fd/"
       pid=1933 comm="samba-bgqd" requested_mask="r" denied_mask="r"
       fsuid=0 ouid=0"

entries appearing in SLE15-SP4

Signed-off-by: Noel Power <noel.power@suse.com>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/860
Merged-by: Christian Boltz <apparmor@cboltz.de>


(cherry picked from commit e2319167d08c1e525191461aca7954bb0c2d651d)

6b83ba91 profiles/apparmor.d: Fix read access denied on /proc/*/fd bsc#1196850
---
 profiles/apparmor.d/samba-bgqd | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/profiles/apparmor.d/samba-bgqd b/profiles/apparmor.d/samba-bgqd
index c56623b3c..be9bb50a9 100644
--- a/profiles/apparmor.d/samba-bgqd
+++ b/profiles/apparmor.d/samba-bgqd
@@ -12,6 +12,8 @@ profile samba-bgqd /usr/lib*/samba/samba-bgqd {
   signal receive set=term peer=smbd,
 
   @{PROC}/sys/kernel/core_pattern r,
+  owner @{PROC}/@{pid}/fd/ r,
+
   @{run}/samba/samba-bgqd.pid wk,
 
   /usr/lib*/samba/samba-bgqd m,