mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-05 17:01:00 +01:00
a9fa20a456
On Arch Linux, `samba-dcerpcd.pid` is in `/run/`, not `/run/samba/`.
apparmor="DENIED" operation="mknod" profile="samba-dcerpcd" name="/run/samba-dcerpcd.pid" pid=80920 comm="samba-dcerpcd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
The same is true for `nmbd.pid`, `smbd.pid` and probably others too.
(cherry picked from commit 6f0d2ef7fe)
32 lines
1 KiB
Text
32 lines
1 KiB
Text
# ------------------------------------------------------------------
|
|
#
|
|
# Copyright (C) 2022 SUSE LLC
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of version 2 of the GNU General Public
|
|
# License published by the Free Software Foundation.
|
|
#
|
|
# ------------------------------------------------------------------
|
|
# vim:syntax=apparmor
|
|
|
|
abi <abi/3.0>,
|
|
|
|
include <tunables/global>
|
|
|
|
profile samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {
|
|
include <abstractions/samba-rpcd>
|
|
|
|
@{run}/{,samba/}samba-dcerpcd.pid rwk,
|
|
|
|
/usr/lib*/samba/{,samba/}samba-dcerpcd mr,
|
|
|
|
/usr/lib*/samba/ r,
|
|
/usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} Px -> samba-rpcd,
|
|
/usr/lib*/samba/{,samba/}rpcd_classic Px -> samba-rpcd-classic,
|
|
/usr/lib*/samba/{,samba/}rpcd_spoolss Px -> samba-rpcd-spoolss,
|
|
|
|
@{run}/samba/ncalrpc/ rw,
|
|
@{run}/samba/ncalrpc/** rw,
|
|
# Site-specific additions and overrides. See local/README for details.
|
|
include if exists <local/samba-dcerpcd>
|
|
}
|