From 0f51513a1171771c9a15002b43ffee1c1ad3acfc Mon Sep 17 00:00:00 2001
From: John Johansen <john@jjmx.net>
Date: Wed, 17 Jul 2024 08:30:00 +0000
Subject: [PATCH] Merge samba-dcerpcd: allow to execute rpcd_witness

... and extend the samba-rpcd profile to also include rpcd_witness.

Patch by Noel Power <nopower@suse.com>

Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1225811

I propose this patch for 3.x, 4.0 and master.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1256
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
(cherry picked from commit 899c0b3942897c66b30868e59b599a74bde68877)
Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 profiles/apparmor.d/samba-dcerpcd | 2 +-
 profiles/apparmor.d/samba-rpcd    | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/profiles/apparmor.d/samba-dcerpcd b/profiles/apparmor.d/samba-dcerpcd
index c9fa7b1b5..a118825e0 100644
--- a/profiles/apparmor.d/samba-dcerpcd
+++ b/profiles/apparmor.d/samba-dcerpcd
@@ -23,7 +23,7 @@ profile samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {
   /usr/lib*/samba/{,samba/}samba-dcerpcd mr,
 
   /usr/lib*/samba/ r,
-  /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} Px -> samba-rpcd,
+  /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg,witness} Px -> samba-rpcd,
   /usr/lib*/samba/{,samba/}rpcd_classic Px -> samba-rpcd-classic,
   /usr/lib*/samba/{,samba/}rpcd_spoolss Px -> samba-rpcd-spoolss,
 
diff --git a/profiles/apparmor.d/samba-rpcd b/profiles/apparmor.d/samba-rpcd
index ee90f968b..703447ae1 100644
--- a/profiles/apparmor.d/samba-rpcd
+++ b/profiles/apparmor.d/samba-rpcd
@@ -13,12 +13,12 @@ abi <abi/4.0>,
 
 include <tunables/global>
 
-profile samba-rpcd /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} {
+profile samba-rpcd /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg,witness} {
   include <abstractions/samba-rpcd>
 
   capability sys_resource,
 
-  /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} mr,
+  /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg,witness} mr,
 
   @{run}/samba/ncalrpc/np/lsarpc wr,
   @{run}/samba/ncalrpc/np/mdssvc wr,