Simon Déziel has proposed merging lp:~sdeziel/apparmor/smbd-refresh into
lp:apparmor.
Requested reviews:
AppArmor Developers (apparmor-dev)
For more details, see:
https://code.launchpad.net/~sdeziel/apparmor/smbd-refresh/+merge/291755
New versions of Samba will soon land into Ubuntu [*] so it's a good time to
refresh the profile.
*: https://lists.ubuntu.com/archives/ubuntu-server/2016-April/007266.html
--
Your team AppArmor Developers is requested to review the proposed merge of
lp:~sdeziel/apparmor/smbd-refresh into lp:apparmor.
=== modified file 'profiles/apparmor.d/usr.sbin.smbd'
--- profiles/apparmor.d/usr.sbin.smbd 2015-02-28 20:35:18 +0000
+++ profiles/apparmor.d/usr.sbin.smbd 2016-04-13 13:28:08 +0000
@@ -10,6 +10,7 @@
#include <abstractions/user-tmp>
#include <abstractions/wutmp>
+ capability audit_write,
capability dac_override,
capability dac_read_search,
capability fowner,
@@ -17,6 +18,7 @@
capability net_bind_service,
capability setgid,
capability setuid,
+ capability sys_admin,
capability sys_resource,
capability sys_tty_config,
@@ -31,6 +33,9 @@
/usr/lib*/samba/auth/script.so mr,
/usr/lib*/samba/pdb/*.so mr,
/usr/lib*/samba/{lowcase,upcase,valid}.dat r,
+ /usr/lib/@{multiarch}/samba/*.so{,.[0-9]*} mr,
+ /usr/lib/@{multiarch}/samba/**/ r,
+ /usr/lib/@{multiarch}/samba/**/*.so{,.[0-9]*} mr,
/usr/sbin/smbd mr,
/usr/sbin/smbldap-useradd Px,
/var/cache/samba/** rwk,
@@ -42,6 +47,8 @@
/{,var/}run/samba/ncalrpc/ rw,
/{,var/}run/samba/ncalrpc/** rw,
/{,var/}run/samba/smbd.pid rw,
+ /{,var/}run/samba/msg.lock/ rw,
+ /{,var/}run/samba/msg.lock/[0-9]* rwk,
/var/spool/samba/** rw,
@{HOMEDIRS}/** lrwk,
--
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
