apparmor/profiles/apparmor.d/usr.sbin.smbd
Christian Boltz d305028502
smbd: allow capability chown
This is needed for "inherit owner = yes" in smb.conf.

From man smb.conf:

    inherit owner (S)

    The ownership of new files and directories is normally governed by
    effective uid of the connected user. This option allows the Samba
    administrator to specify that the ownership for new files and
    directories should be controlled by the ownership of the parent
    directory.

Fixes: https://bugzilla.suse.com/show_bug.cgi?id=1234327
2024-12-09 20:45:42 +01:00


abi <abi/4.0>,
include <tunables/global>
# Confinement profile named "smbd", attached to /usr/bin/smbd or /usr/sbin/smbd.
# Everything not allowed here, by the included abstractions, or by the optional
# includes at the bottom is denied by AppArmor.
profile smbd /usr/{bin,sbin}/smbd {
# Shared rule sets pulled in from abstractions/; their contents are not shown
# in this file and have to be reviewed separately.
include <abstractions/authentication>
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/cups-client>
include <abstractions/nameservice>
include <abstractions/samba>
include <abstractions/user-tmp>
include <abstractions/wutmp>
# Linux capabilities the daemon may use. Several of these bypass ordinary
# file-permission (DAC) checks, so for the paths allowed below the AppArmor
# rules are the effective boundary, not file ownership or mode bits.
capability audit_write,
# chown: required when smb.conf sets "inherit owner = yes", where new files
# and directories take their ownership from the parent directory.
capability chown,
# dac_override / dac_read_search / fowner: bypass permission and ownership
# checks on files and directories.
capability dac_override,
capability dac_read_search,
capability fowner,
capability lease,
# net_bind_service: bind to privileged (below 1024) ports.
capability net_bind_service,
# setgid / setuid: change the process's group and user identity.
capability setgid,
capability setuid,
# NOTE(review): sys_admin is a very broad capability; this profile does not
# show which operation needs it -- confirm before carrying it into derived profiles.
capability sys_admin,
capability sys_resource,
capability sys_tty_config,
# Only SIGTERM may be sent, and only to processes confined by samba-bgqd.
signal send set=term peer=samba-bgqd,
/etc/mtab r,
/etc/netgroup r,
/etc/printcap r,
# Read, write and lock on every file directly under /etc/samba (the glob does
# not descend into subdirectories).
# NOTE(review): smbd can therefore rewrite files in its own configuration
# directory; verify that this is wanted on the target system.
/etc/samba/* rwk,
@{PROC}/@{pid}/mounts r,
@{PROC}/sys/kernel/core_pattern r,
# Samba plugin modules: read and map-executable (m) only, no write.
/usr/lib*/samba/vfs/*.so mr,
/usr/lib*/samba/auth/*.so mr,
/usr/lib*/samba/charset/*.so mr,
/usr/lib*/samba/gensec/*.so mr,
/usr/lib*/samba/pdb/*.so mr,
# Px: the helper runs under its own named profile with a scrubbed environment,
# so it does not inherit smbd's permissions.
/usr/lib*/samba/{,samba/}samba-bgqd Px -> samba-bgqd,
/usr/lib*/samba/{,samba/}samba-dcerpcd Px -> samba-dcerpcd,
/usr/lib*/samba/{lowcase,upcase,valid}.dat r,
/usr/lib/@{multiarch}/samba/*.so{,.[0-9]*} mr,
/usr/lib/@{multiarch}/samba/**/ r,
/usr/lib/@{multiarch}/samba/**/*.so{,.[0-9]*} mr,
/usr/share/samba/** r,
/usr/{bin,sbin}/smbd mr,
# Px without a target: the exec transitions to the profile attached to this
# path and is refused if no such profile is loaded.
/usr/{bin,sbin}/smbldap-useradd Px,
/var/cache/samba/** rwk,
# Among the rules written in this profile body, this is the only path that is
# both writable and map-executable.
/var/{cache,lib}/samba/printing/printers.tdb mrw,
/var/lib/nscd/netgroup r,
/var/lib/samba/** rwk,
/var/lib/sss/pubconf/kdcinfo.* r,
@{run}/dbus/system_bus_socket rw,
# Runtime directory: read and lock in general; write only for the pid file
# and the ncalrpc subtree.
@{run}/{,samba/}smbd.pid rwk,
@{run}/samba/** rk,
@{run}/samba/ncalrpc/ rw,
@{run}/samba/ncalrpc/** rw,
/var/spool/samba/** rw,
# Link, read, write and lock on everything below the home directories and the
# usershares directory.
# NOTE(review): together with the DAC-bypassing capabilities above, AppArmor
# does not narrow access inside @{HOMEDIRS}; presumably per-user separation
# relies on smbd's own credential switching and share configuration -- confirm.
@{HOMEDIRS}/** lrwk,
/var/lib/samba/usershares/{,**} lrwk,
# Permissions for all configured shares (file autogenerated by
# update-apparmor-samba-profile on service startup on Debian and openSUSE)
# "include if exists" loads the file only when it is present, so these can add
# rules that are not visible here; audit them together with this profile.
include if exists <samba/smbd-shares>
include if exists <local/usr.sbin.smbd-shares>
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.smbd>
}