mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

adjust winbindd profile to cater for sssd kdcinfo access

Browse source 
winbindd (with nsswitch sssd configuration) is now getting

type=AVC msg=audit(1677832823.657:119): apparmor="DENIED" operation="open" profile="/usr/sbin/winbindd" name="/var/lib/sss/pubconf/kdcinfo.TESTDOMAIN1.MY.COM" pid=3026 comm="winbindd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

Signed-off-by: Noel Power <noel.power@suse.com>
This commit is contained in:
Noel Power 2023-03-03 11:35:47 +00:00
parent b8a14e29b7
commit b4f5414882
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
profiles/apparmor.d/usr.sbin.winbindd
View file

@ -29,6 +29,7 @@ profile winbindd /usr/{bin,sbin}/winbindd {
/usr/lib*/samba/{,samba/}samba-dcerpcd Px -> samba-dcerpcd,
/usr/{bin,sbin}/winbindd mr,
/var/cache/krb5rcache/* rwk,
/var/lib/sss/pubconf/kdcinfo.* r,
/var/log/samba/log.winbindd rw,
@{run}/{samba/,}winbindd.pid rwk,
@{run}/samba/winbindd/ rw,