Merge samba-dcerpcd: allow to execute rpcd_witness

... and extend the samba-rpcd profile to also include rpcd_witness.

Patch by Noel Power <nopower@suse.com>

Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1225811

I propose this patch for 3.x, 4.0 and master.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1256
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
(cherry picked from commit 899c0b3942)
Signed-off-by: John Johansen <john.johansen@canonical.com>

profiles/apparmor.d/samba-dcerpcd

@@ -23,7 +23,7 @@ profile samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {
   /usr/lib*/samba/{,samba/}samba-dcerpcd mr,
 
   /usr/lib*/samba/ r,
-  /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} Px -> samba-rpcd,
+  /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg,witness} Px -> samba-rpcd,
   /usr/lib*/samba/{,samba/}rpcd_classic Px -> samba-rpcd-classic,
   /usr/lib*/samba/{,samba/}rpcd_spoolss Px -> samba-rpcd-spoolss,
 

profiles/apparmor.d/samba-rpcd

@@ -13,12 +13,12 @@ abi <abi/4.0>,
 
 include <tunables/global>
 
-profile samba-rpcd /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} {
+profile samba-rpcd /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg,witness} {
   include <abstractions/samba-rpcd>
 
   capability sys_resource,
 
-  /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} mr,
+  /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg,witness} mr,
 
   @{run}/samba/ncalrpc/np/lsarpc wr,
   @{run}/samba/ncalrpc/np/mdssvc wr,