apparmor/profiles/apparmor.d
Christian Boltz cb4819cca9 Merge smbd: allow capability chown
This is needed for "inherit owner = yes" in smb.conf.

From man smb.conf:

    inherit owner (S)

    The ownership of new files and directories is normally governed by
    effective uid of the connected user. This option allows the Samba
    administrator to specify that the ownership for new files and
    directories should be controlled by the ownership of the parent
    directory.

Fixes: https://bugzilla.suse.com/show_bug.cgi?id=1234327

I propose this fix for 3.x, 4.x and master.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1456
Approved-by: Ryan Lee <rlee287@yahoo.com>
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>


(cherry picked from commit a315d89a2b)

d3050285 smbd: allow capability chown

Co-authored-by: John Johansen <john@jjmx.net>
2024-12-10 12:50:38 +00:00
..
abi policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
abstractions abstractions/nameservice: tighten libnss_libvirt file access 2024-10-16 22:43:25 +02:00
apache2.d policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
local Don't create local/* profile sniplets by default 2023-08-20 11:49:10 +02:00
tunables Add include if exists <tunables/$FILE.d> to all tunables 2023-07-30 00:47:34 +02:00
1password profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
balena-etcher Merge profiles: fix location for wike profile and add unconfined profile for balena-etcher 2024-06-04 20:54:53 +00:00
bin.ping Merge ping: allow reading /proc/sys/net/ipv6/conf/all/disable_ipv6 2024-09-30 21:43:19 +00:00
brave profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
buildah profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
busybox profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
cam profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
ch-checkns profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
ch-run profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
chrome profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
chromium Merge profiles: Add userns stub for Chromium and variants 2024-07-21 01:53:55 -07:00
code profiles: update visual studio code so that it can be run from gnome 2024-02-24 20:27:13 -08:00
crun profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
devhelp add more unconfined profiles 2024-02-06 15:10:20 -03:00
Discord profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
element-desktop add element-desktop unconfined profile 2024-02-20 12:38:26 +00:00
epiphany add more unconfined profiles 2024-02-06 15:10:20 -03:00
evolution add more unconfined profiles 2024-02-06 15:10:20 -03:00
firefox Merge profiles: adjust unconfined firefox profile to support mozilla.org download 2024-04-03 22:39:58 -07:00
flatpak profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
foliate Merge profiles: add unconfined foliate profile 2024-04-11 20:53:10 -07:00
geary add unconfined profiles for geary, loupe and firefox dev versions 2024-03-15 17:44:23 -03:00
github-desktop profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
goldendict profiles: Add more unconfined profiles 2024-03-17 00:16:37 -07:00
ipa_verify profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
kchmviewer profiles: Add more unconfined profiles 2024-03-17 00:16:37 -07:00
keybase add keybase unconfined profile 2024-02-02 16:53:58 -03:00
lc-compliance profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
libcamerify profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
linux-sandbox profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
loupe add unconfined profiles for geary, loupe and firefox dev versions 2024-03-15 17:44:23 -03:00
lsb_release policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
lxc-attach profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
lxc-create profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
lxc-destroy profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
lxc-execute profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
lxc-stop profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
lxc-unshare profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
lxc-usernsexec profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
mmdebstrap profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
MongoDB_Compass profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
msedge profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
nautilus profiles: add nautilus unconfined profile 2024-02-29 08:21:25 -03:00
notepadqq profiles: Add more unconfined profiles 2024-03-17 00:16:37 -07:00
nvidia_modprobe policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
obsidian profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
opam add more unconfined profiles 2024-02-06 15:10:20 -03:00
opera profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
pageedit profiles: Add more unconfined profiles 2024-03-17 00:16:37 -07:00
php-fpm Merge profiles: installation of php-fpm needs w @{run}/systemd/notify 2024-06-05 16:56:48 +00:00
plasmashell Merge Add openSUSE path to plasmashell profile 2024-06-04 19:38:07 +00:00
podman profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
polypane profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
privacybrowser profiles: Add more unconfined profiles 2024-03-17 00:16:37 -07:00
qcam profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
qmapshack profiles: Add more unconfined profiles 2024-03-17 00:16:37 -07:00
QtWebEngineProcess profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
qutebrowser profiles: Add more unconfined profiles 2024-03-17 00:16:37 -07:00
rootlesskit profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
rpm profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
rssguard profiles: Add more unconfined profiles 2024-03-17 00:16:37 -07:00
runc Merge profiles: runc: allow /usr/bin/runc as well as /usr/sbin/runc 2024-08-14 12:31:26 +00:00
samba-bgqd Clean superfluous openssl abstraction includes 2024-03-12 14:54:01 +01:00
samba-dcerpcd Merge samba-dcerpcd: allow to execute rpcd_witness 2024-07-17 01:31:26 -07:00
samba-rpcd Merge samba-dcerpcd: allow to execute rpcd_witness 2024-07-17 01:31:26 -07:00
samba-rpcd-classic Merge profiles: add fixes for samba from issue #386 2024-04-23 07:36:08 -07:00
samba-rpcd-spoolss policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
sbin.klogd policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
sbin.syslog-ng Clean superfluous openssl abstraction includes 2024-03-12 14:54:01 +01:00
sbin.syslogd policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
sbuild profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-abort profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-adduser profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-apt profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-checkpackages profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-clean profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-createchroot profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-destroychroot profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-distupgrade profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-hold profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-shell add profiles for applications in unconfined mode 2023-11-23 10:34:20 -03:00
sbuild-unhold profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-update profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-upgrade profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
scide profiles: Add more unconfined profiles 2024-03-17 00:16:37 -07:00
signal-desktop profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
slack profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
slirp4netns profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
steam add profiles for applications that create user namespaces 2024-02-02 10:51:06 -03:00
stress-ng profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
surfshark add profiles for applications that create user namespaces 2024-02-02 10:51:06 -03:00
systemd-coredump add profiles for applications that create user namespaces 2024-02-02 10:51:06 -03:00
thunderbird profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
toybox profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
transmission profiles: transmission-daemon needs attach_disconnected 2024-10-21 18:43:46 +00:00
trinity profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
tup profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
tuxedo-control-center profiles: add unconfined profile for tuxedo-control-center 2024-03-18 09:17:51 -03:00
unix-chkpwd Allow pam_unix to execute unix_chkpwd 2024-03-13 23:13:19 +01:00
unprivileged_userns add special unprivileged_userns profile 2024-02-02 10:52:26 -03:00
userbindmount profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
usr.lib.apache2.mpm-prefork.apache2 policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
usr.lib.dovecot.anvil profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.auth Clean superfluous openssl abstraction includes 2024-03-12 14:54:01 +01:00
usr.lib.dovecot.config profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.deliver profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.dict Clean superfluous openssl abstraction includes 2024-03-12 14:54:01 +01:00
usr.lib.dovecot.director profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.doveadm-server profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.dovecot-auth profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.dovecot-lda profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.imap profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.imap-login Clean superfluous openssl abstraction includes 2024-03-12 14:54:01 +01:00
usr.lib.dovecot.lmtp Clean superfluous openssl abstraction includes 2024-03-12 14:54:01 +01:00
usr.lib.dovecot.log profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.managesieve profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.managesieve-login Clean superfluous openssl abstraction includes 2024-03-12 14:54:01 +01:00
usr.lib.dovecot.pop3 profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.pop3-login Clean superfluous openssl abstraction includes 2024-03-12 14:54:01 +01:00
usr.lib.dovecot.replicator profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.script-login profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.ssl-params profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.stats profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.sbin.apache2 policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
usr.sbin.avahi-daemon policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
usr.sbin.dnsmasq policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
usr.sbin.dovecot profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.sbin.identd policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
usr.sbin.mdnsd policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
usr.sbin.nmbd Merge profiles: add fixes for samba from issue #386 2024-04-23 07:36:08 -07:00
usr.sbin.nscd policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
usr.sbin.ntpd Clean superfluous openssl abstraction includes 2024-03-12 14:54:01 +01:00
usr.sbin.smbd Merge smbd: allow capability chown 2024-12-10 12:50:38 +00:00
usr.sbin.smbldap-useradd policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
usr.sbin.traceroute policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
usr.sbin.winbindd policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
uwsgi-core profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
vdens profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
virtiofsd profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
vivaldi-bin profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
vpnns profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
wike Merge profiles: fix location for wike profile and add unconfined profile for balena-etcher 2024-06-04 20:54:53 +00:00
wpcom profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
zgrep policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00