File samba-4-17.patch of Package apparmor
diff -ruNp apparmor-3.0.4.orig/profiles/apparmor.d/abstractions/samba apparmor-3.0.4/profiles/apparmor.d/abstractions/samba
--- apparmor-3.0.4.orig/profiles/apparmor.d/abstractions/samba 2022-12-23 18:47:52.625736048 +0100
+++ apparmor-3.0.4/profiles/apparmor.d/abstractions/samba 2022-12-23 18:49:13.908999253 +0100
@@ -25,9 +25,9 @@
/var/log/samba/cores/** rw,
/var/log/samba/* w,
@{run}/{,lock/}samba/ w,
- @{run}/{,lock/}samba/*.tdb rw,
- @{run}/{,lock/}samba/msg.lock/ rwk,
- @{run}/{,lock/}samba/msg.lock/[0-9]* rwk,
+ @{run}/{,lock/}samba/*.tdb rwk,
+ @{run}/{,lock/}samba/msg.{lock,sock}/ rwk,
+ @{run}/{,lock/}samba/msg.{lock,sock}/[0-9]* rwk,
/var/cache/samba/msg.lock/ rwk,
/var/cache/samba/msg.lock/[0-9]* rwk,
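Review bot: The two `/var/cache/samba/msg.lock/` rules directly below the changed lines keep the single-name pattern, while the `@{run}/{,lock/}samba/` rules now accept `msg.{lock,sock}`. If Samba can also place the messaging socket directory under the cache path, those rules need the same alternation. If it cannot, a one-line comment such as `# msg.sock is only created under the run/lock directory` would record that the asymmetry is intended. Because this file is an abstraction, the `k` added to `*.tdb` is granted to every profile that includes it, which is worth stating in the patch description.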
diff -ruNp apparmor-3.0.4.orig/profiles/apparmor.d/samba-bgqd apparmor-3.0.4/profiles/apparmor.d/samba-bgqd
--- apparmor-3.0.4.orig/profiles/apparmor.d/samba-bgqd 2022-12-23 18:47:52.629736012 +0100
+++ apparmor-3.0.4/profiles/apparmor.d/samba-bgqd 2022-12-23 18:53:18.114785651 +0100
@@ -2,7 +2,7 @@ abi <abi/3.0>,
include <tunables/global>
-profile samba-bgqd /usr/lib*/samba/samba-bgqd {
+profile samba-bgqd /usr/lib*/samba/{,samba/}samba-bgqd {
include <abstractions/base>
include <abstractions/cups-client>
include <abstractions/nameservice>
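Review bot: The `{,samba/}` alternation added to the attachment path of `profile samba-bgqd` has no comment saying which install layout needs it. The same alternation recurs in the attachment, `mr` and `Px` rules of the samba-dcerpcd, samba-rpcd, samba-rpcd-classic, samba-rpcd-spoolss, usr.sbin.smbd and usr.sbin.winbindd hunks. Combined with the existing `lib*` glob it widens the set of paths that attach to, or transition into, these profiles, so the reason should be recorded once, for example `# helpers live in /usr/lib*/samba/ or, on some layouts, in /usr/lib*/samba/samba/`. The profile body continues outside the hunk.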
@@ -16,7 +16,8 @@ profile samba-bgqd /usr/lib*/samba/samba
@{run}/samba/samba-bgqd.pid wk,
- /usr/lib*/samba/samba-bgqd m,
+ /usr/lib*/samba/{,samba/}samba-bgqd mr,
+ /var/cache/samba/printing/*.tdb rwk,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/samba-bgqd>
diff -ruNp apparmor-3.0.4.orig/profiles/apparmor.d/samba-dcerpcd apparmor-3.0.4/profiles/apparmor.d/samba-dcerpcd
--- apparmor-3.0.4.orig/profiles/apparmor.d/samba-dcerpcd 2022-12-23 18:47:52.629736012 +0100
+++ apparmor-3.0.4/profiles/apparmor.d/samba-dcerpcd 2022-12-23 18:53:09.022868064 +0100
@@ -13,14 +13,17 @@ abi <abi/3.0>,
include <tunables/global>
-profile samba-dcerpcd /usr/lib*/samba/samba-dcerpcd {
+profile samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {
include <abstractions/samba-rpcd>
@{run}/samba/samba-dcerpcd.pid wk,
- /usr/lib*/samba/rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} Px -> samba-rpcd,
- /usr/lib*/samba/rpcd_classic Px -> samba-rpcd-classic,
- /usr/lib*/samba/rpcd_spoolss Px -> samba-rpcd-spoolss,
+ /usr/lib*/samba/{,samba/}samba-dcerpcd mr,
+
+ /usr/lib*/samba/ r,
+ /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} Px -> samba-rpcd,
+ /usr/lib*/samba/{,samba/}rpcd_classic Px -> samba-rpcd-classic,
+ /usr/lib*/samba/{,samba/}rpcd_spoolss Px -> samba-rpcd-spoolss,
@{run}/samba/ncalrpc/ rw,
@{run}/samba/ncalrpc/** rw,
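Review bot: The added directory rule `/usr/lib*/samba/ r,` covers only the top-level directory, while the `Px` rules after it accept the rpcd_* helpers in either `/usr/lib*/samba/` or `/usr/lib*/samba/samba/`. If samba-dcerpcd lists the directory to discover its helpers, which the new `r` rule suggests, the nested layout would still be denied. Writing it as `/usr/lib*/samba/{,samba/} r,` would keep the read rule in step with the exec rules. The profile body continues outside the hunk.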
diff -ruNp apparmor-3.0.4.orig/profiles/apparmor.d/samba-rpcd apparmor-3.0.4/profiles/apparmor.d/samba-rpcd
--- apparmor-3.0.4.orig/profiles/apparmor.d/samba-rpcd 2022-12-23 18:47:52.629736012 +0100
+++ apparmor-3.0.4/profiles/apparmor.d/samba-rpcd 2022-12-23 18:54:17.186250195 +0100
@@ -13,8 +13,12 @@ abi <abi/3.0>,
include <tunables/global>
-profile samba-rpcd /usr/lib*/samba/rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} {
+profile samba-rpcd /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} {
include <abstractions/samba-rpcd>
+ /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} mr,
+
+ @{run}/samba/ncalrpc/np/winreg wr,
+
# Site-specific additions and overrides. See local/README for details.
include if exists <local/samba-rpcd>
}
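Review bot: The new rule `@{run}/samba/ncalrpc/np/winreg wr,` names only the winreg endpoint, although this profile attaches to six rpcd_* binaries (mdssvc, epmapper, rpcecho, fsrvp, lsad, winreg). Whether the other services need their own endpoints under `ncalrpc/np/` cannot be seen from this hunk, since `abstractions/samba-rpcd` may already cover them, so a comment saying why winreg alone is listed would help the next reviewer. Keeping the rule this narrow is the right direction. The mode is written `wr` where the rest of the patch uses `rw`; `@{run}/samba/ncalrpc/np/winreg rw,` would match.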
diff -ruNp apparmor-3.0.4.orig/profiles/apparmor.d/samba-rpcd-classic apparmor-3.0.4/profiles/apparmor.d/samba-rpcd-classic
--- apparmor-3.0.4.orig/profiles/apparmor.d/samba-rpcd-classic 2022-12-23 18:47:52.629736012 +0100
+++ apparmor-3.0.4/profiles/apparmor.d/samba-rpcd-classic 2022-12-23 18:54:44.486002731 +0100
@@ -13,10 +13,12 @@ abi <abi/3.0>,
include <tunables/global>
-profile samba-rpcd-classic /usr/lib*/samba/rpcd_classic {
+profile samba-rpcd-classic /usr/lib*/samba/{,samba/}rpcd_classic {
include <abstractions/samba-rpcd>
include <abstractions/wutmp>
+ /usr/lib*/samba/{,samba/}rpcd_classic mr,
+
# Site-specific additions and overrides. See local/README for details.
include if exists <local/samba-rpcd-classic>
}
diff -ruNp apparmor-3.0.4.orig/profiles/apparmor.d/samba-rpcd-spoolss apparmor-3.0.4/profiles/apparmor.d/samba-rpcd-spoolss
--- apparmor-3.0.4.orig/profiles/apparmor.d/samba-rpcd-spoolss 2022-12-23 18:47:52.629736012 +0100
+++ apparmor-3.0.4/profiles/apparmor.d/samba-rpcd-spoolss 2022-12-23 18:55:10.177769851 +0100
@@ -13,10 +13,19 @@ abi <abi/3.0>,
include <tunables/global>
-profile samba-rpcd-spoolss /usr/lib*/samba/rpcd_spoolss {
+profile samba-rpcd-spoolss /usr/lib*/samba/{,samba/}rpcd_spoolss {
include <abstractions/samba-rpcd>
- /usr/lib*/samba/samba-bgqd Px -> samba-bgqd,
+ /usr/lib*/samba/{,samba/}rpcd_spoolss mr,
+ /usr/lib*/samba/{,samba/}samba-bgqd Px -> samba-bgqd,
+ /var/cache/samba/printing/ w,
+ /var/cache/samba/printing/*.tdb rwk,
+ @{run}/samba/samba-bgqd.pid rk,
+
+ /dev/urandom rw,
+
+ @{run}/samba/ncalrpc/ rw,
+ @{run}/samba/ncalrpc/** rw,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/samba-rpcd-spoolss>
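Review bot: `/dev/urandom rw,` grants write access to the random device, and nothing in the hunk says why rpcd_spoolss needs more than read. Unless a write denial was actually observed in the audit log, `/dev/urandom r,` is the tighter rule, and read access may already come from an included abstraction. The two `@{run}/samba/ncalrpc/` rules added at the end repeat the ones in samba-dcerpcd and are much broader than the single `np/winreg` endpoint granted to samba-rpcd in this same patch. Narrowing them to the endpoints spoolss uses, or moving one shared rule into `abstractions/samba-rpcd`, would be more consistent. The profile body continues outside the hunk.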
diff -ruNp apparmor-3.0.4.orig/profiles/apparmor.d/usr.sbin.smbd apparmor-3.0.4/profiles/apparmor.d/usr.sbin.smbd
--- apparmor-3.0.4.orig/profiles/apparmor.d/usr.sbin.smbd 2022-12-23 18:47:52.629736012 +0100
+++ apparmor-3.0.4/profiles/apparmor.d/usr.sbin.smbd 2022-12-23 18:56:03.581285769 +0100
@@ -38,12 +38,13 @@ profile smbd /usr/{bin,sbin}/smbd {
/usr/lib*/samba/charset/*.so mr,
/usr/lib*/samba/gensec/*.so mr,
/usr/lib*/samba/pdb/*.so mr,
- /usr/lib*/samba/samba-bgqd Px -> samba-bgqd,
- /usr/lib*/samba/samba-dcerpcd Px -> samba-dcerpcd,
+ /usr/lib*/samba/{,samba/}samba-bgqd Px -> samba-bgqd,
+ /usr/lib*/samba/{,samba/}samba-dcerpcd Px -> samba-dcerpcd,
/usr/lib*/samba/{lowcase,upcase,valid}.dat r,
/usr/lib/@{multiarch}/samba/*.so{,.[0-9]*} mr,
/usr/lib/@{multiarch}/samba/**/ r,
/usr/lib/@{multiarch}/samba/**/*.so{,.[0-9]*} mr,
+ /usr/share/samba/** r,
/usr/{bin,sbin}/smbd mr,
/usr/{bin,sbin}/smbldap-useradd Px,
/var/cache/samba/** rwk,
@@ -61,9 +62,10 @@ profile smbd /usr/{bin,sbin}/smbd {
@{HOMEDIRS}/** lrwk,
/var/lib/samba/usershares/{,**} lrwk,
- # permissions for all configured shares
- # autogenerated by update-apparmor-samba-profile at samba start
- include <local/usr.sbin.smbd-shares>
+ # Permissions for all configured shares (file autogenerated by
+ # update-apparmor-samba-profile on service startup on Debian and openSUSE)
+ include if exists <samba/smbd-shares>
+ include if exists <local/usr.sbin.smbd-shares>
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.smbd>
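Review bot: Both share includes are now `include if exists`, so a missing autogenerated file no longer fails the profile load. In that case smbd runs without any per-share rules and access to configured shares is denied with no error at load time. When both files exist their rules are merged, so a stale `local/usr.sbin.smbd-shares` (presumably the older location) would keep granting access to paths that `samba/smbd-shares` no longer lists. The comment above the includes could say so, e.g. `# Only one of these files should exist; remove a leftover local/usr.sbin.smbd-shares after migrating`.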
diff -ruNp apparmor-3.0.4.orig/profiles/apparmor.d/usr.sbin.winbindd apparmor-3.0.4/profiles/apparmor.d/usr.sbin.winbindd
--- apparmor-3.0.4.orig/profiles/apparmor.d/usr.sbin.winbindd 2022-12-23 18:47:52.629736012 +0100
+++ apparmor-3.0.4/profiles/apparmor.d/usr.sbin.winbindd 2022-12-23 18:56:24.553095669 +0100
@@ -26,7 +26,7 @@ profile winbindd /usr/{bin,sbin}/winbind
/usr/lib*/samba/idmap/*.so mr,
/usr/lib*/samba/nss_info/*.so mr,
/usr/lib*/samba/pdb/*.so mr,
- /usr/lib*/samba/samba-dcerpcd Px -> samba-dcerpcd,
+ /usr/lib*/samba/{,samba/}samba-dcerpcd Px -> samba-dcerpcd,
/usr/{bin,sbin}/winbindd mr,
/var/cache/krb5rcache/* rwk,
/var/cache/samba/*.tdb rwk,