mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-05 17:01:00 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/profiles/apparmor.d/samba-bgqd
nl6720 a9fa20a456
profiles/apparmor.d/samba*: allow access to pid files directly in /run/ 
On Arch Linux, `samba-dcerpcd.pid` is in `/run/`, not `/run/samba/`.

   apparmor="DENIED" operation="mknod" profile="samba-dcerpcd" name="/run/samba-dcerpcd.pid" pid=80920 comm="samba-dcerpcd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0

The same is true for `nmbd.pid`, `smbd.pid` and probably others too.

(cherry picked from commit 6f0d2ef7fe)
2023-02-27 20:37:38 +01:00

24 lines
610 B
Text
Raw Blame History

abi <abi/3.0>,
include <tunables/global>
profile samba-bgqd /usr/lib*/samba/{,samba/}samba-bgqd {
include <abstractions/base>
include <abstractions/cups-client>
include <abstractions/nameservice>
include <abstractions/openssl>
include <abstractions/samba>
signal receive set=term peer=smbd,
@{PROC}/sys/kernel/core_pattern r,
owner @{PROC}/@{pid}/fd/ r,
@{run}/{,samba/}samba-bgqd.pid rwk,
/usr/lib*/samba/{,samba/}samba-bgqd mr,
/var/cache/samba/printing/*.tdb rwk,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/samba-bgqd>
}
Reference in a new issue View git blame Copy permalink