diff --git a/profiles/apparmor.d/samba-dcerpcd b/profiles/apparmor.d/samba-dcerpcd index a455e2c5b..c9fa7b1b5 100644 --- a/profiles/apparmor.d/samba-dcerpcd +++ b/profiles/apparmor.d/samba-dcerpcd @@ -16,6 +16,8 @@ include profile samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd { include + capability sys_resource, + @{run}/{,samba/}samba-dcerpcd.pid rwk, /usr/lib*/samba/{,samba/}samba-dcerpcd mr, diff --git a/profiles/apparmor.d/samba-rpcd b/profiles/apparmor.d/samba-rpcd index ec0ed1d7b..ee90f968b 100644 --- a/profiles/apparmor.d/samba-rpcd +++ b/profiles/apparmor.d/samba-rpcd @@ -15,8 +15,13 @@ include profile samba-rpcd /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} { include + + capability sys_resource, + /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} mr, + @{run}/samba/ncalrpc/np/lsarpc wr, + @{run}/samba/ncalrpc/np/mdssvc wr, @{run}/samba/ncalrpc/np/winreg wr, # Site-specific additions and overrides. See local/README for details. diff --git a/profiles/apparmor.d/samba-rpcd-classic b/profiles/apparmor.d/samba-rpcd-classic index 3066a7894..eb1a64281 100644 --- a/profiles/apparmor.d/samba-rpcd-classic +++ b/profiles/apparmor.d/samba-rpcd-classic @@ -17,8 +17,16 @@ profile samba-rpcd-classic /usr/lib*/samba/{,samba/}rpcd_classic { include include + capability sys_resource, + /usr/lib*/samba/{,samba/}rpcd_classic mr, + @{run}/samba/ncalrpc/np/srvsvc wr, + @{run}/samba/ncalrpc/np/winreg wr, + /dev/urandom rw, + + /usr/lib*/samba/{,samba/}samba-dcerpcd Px -> samba-dcerpcd, + @{HOMEDIRS}/** lrwk, # Site-specific additions and overrides. See local/README for details. diff --git a/profiles/apparmor.d/usr.sbin.nmbd b/profiles/apparmor.d/usr.sbin.nmbd index 754c37b63..cee04e7e2 100644 --- a/profiles/apparmor.d/usr.sbin.nmbd +++ b/profiles/apparmor.d/usr.sbin.nmbd @@ -8,6 +8,7 @@ profile nmbd /usr/{bin,sbin}/nmbd { include capability net_bind_service, + capability sys_resource, @{PROC}/sys/kernel/core_pattern r,