From bb1b5f986bdae5d6047b131381817bc2f1e202b0 Mon Sep 17 00:00:00 2001
From: Christian Boltz <apparmor@cboltz.de>
Date: Sat, 27 Aug 2011 20:50:42 +0200
Subject: [PATCH] Add permissions needed for Active Directory authentification
 to Samba profiles.

References: https://bugzilla.novell.com/show_bug.cgi?id=713728

Acked-By: Steve Beattie <sbeattie@ubuntu.com>
---
 profiles/apparmor.d/usr.sbin.nmbd | 9 +++++++++
 profiles/apparmor.d/usr.sbin.smbd | 1 +
 2 files changed, 10 insertions(+)

diff --git a/profiles/apparmor.d/usr.sbin.nmbd b/profiles/apparmor.d/usr.sbin.nmbd
index 4d619fd41..8fe22a848 100644
--- a/profiles/apparmor.d/usr.sbin.nmbd
+++ b/profiles/apparmor.d/usr.sbin.nmbd
@@ -7,9 +7,18 @@
 
   capability net_bind_service,
 
+  /proc/sys/kernel/core_pattern r,
+
   /usr/sbin/nmbd mr,
+
   /var/{cache,lib}/samba/browse.dat* rw,
   /var/{cache,lib}/samba/wins.dat* rw,
+  /var/{cache,lib}/samba/smb_krb5/ rw,
+  /var/{cache,lib}/samba/smb_krb5/krb5.conf* rw,
+  /var/{cache,lib}/samba/smb_tmp_krb5.* rw,
+  /var/{cache,lib}/samba/sync.* rw,
+  /var/{cache,lib}/samba/unexpected rw,
+
   /{,var/}run/samba/** rwk,
 
   # Site-specific additions and overrides. See local/README for details.
diff --git a/profiles/apparmor.d/usr.sbin.smbd b/profiles/apparmor.d/usr.sbin.smbd
index ed5118f66..5ecc48c93 100644
--- a/profiles/apparmor.d/usr.sbin.smbd
+++ b/profiles/apparmor.d/usr.sbin.smbd
@@ -23,6 +23,7 @@
   /etc/mtab r,
   /etc/printcap r,
   /proc/*/mounts r,
+  /proc/sys/kernel/core_pattern r,
   /usr/sbin/smbd mr,
   /etc/samba/* rwk,
   /var/cache/samba/** rwk,