File apparmor-profiles-samba-3.6.3.diff of Package apparmor.openSUSE_11.4_Update
diff -u -p -Nur profiles/apparmor.d_ORIG/abstractions/samba profiles/apparmor.d/abstractions/samba
--- profiles/apparmor.d_ORIG/abstractions/samba 2011-08-11 19:33:08.000000000 +0200
+++ profiles/apparmor.d/abstractions/samba 2012-04-26 22:33:05.000000000 +0200
@@ -14,7 +14,7 @@
/usr/share/samba/*.dat r,
/var/lib/samba/**.tdb rwk,
/var/log/samba/cores/ rw,
- /var/log/samba/cores/* rw,
+ /var/log/samba/cores/** rw,
/var/log/samba/log.* w,
/var/run/samba/*.tdb rw,
diff -u -p -Nur profiles/apparmor.d_ORIG/usr.sbin.nmbd profiles/apparmor.d/usr.sbin.nmbd
--- profiles/apparmor.d_ORIG/usr.sbin.nmbd 2011-08-11 19:33:08.000000000 +0200
+++ profiles/apparmor.d/usr.sbin.nmbd 2012-04-26 22:38:35.000000000 +0200
@@ -9,7 +9,13 @@
capability net_bind_service,
+ /proc/sys/kernel/core_pattern r,
/usr/sbin/nmbd mr,
+ /var/{cache,lib}/samba/sync.* rw,
+ /var/{cache,lib}/samba/unexpected rw,
+ /var/{cache,lib}/samba/smb_krb5/krb5.conf* rw,
+ /var/{cache,lib}/samba/smb_krb5/ rw,
+ /var/{cache,lib}/samba/smb_tmp_krb5.* rw,
/var/cache/samba/browse.dat* rw,
/var/lib/samba/browse.dat* rw,
/var/lib/samba/wins.dat* rw,
diff -u -p -Nur profiles/apparmor.d_ORIG/usr.sbin.smbd profiles/apparmor.d/usr.sbin.smbd
--- profiles/apparmor.d_ORIG/usr.sbin.smbd 2011-08-11 19:33:08.000000000 +0200
+++ profiles/apparmor.d/usr.sbin.smbd 2012-04-26 22:36:45.000000000 +0200
@@ -12,6 +12,10 @@
#include <abstractions/user-tmp>
#include <abstractions/wutmp>
+ capability dac_override,
+ capability dac_read_search,
+ capability fowner,
+ capability lease,
capability net_bind_service,
capability setgid,
capability setuid,
@@ -19,12 +23,19 @@
capability sys_tty_config,
/etc/mtab r,
+ /etc/netgroup r,
/etc/printcap r,
/proc/*/mounts r,
+ /proc/sys/kernel/core_pattern r,
/usr/sbin/smbd mr,
/etc/samba/* rwk,
/etc/samba/passdb.tdb rwk,
/etc/samba/secrets.tdb rwk,
+ /usr/lib*/samba/auth/script.so mr,
+ /usr/lib*/samba/charset/*.so mr,
+ /usr/lib*/samba/{lowercase,upcase,valid}.dat r,
+ /usr/lib*/samba/vfs/*.so mr,
+ /usr/sbin/smbldap-useradd Px,
/var/cache/samba/** rwk,
/var/cache/samba/printing/printers.tdb mrw,
/var/lib/samba/** rwk,
diff -u -p -Nur profiles/apparmor.d_ORIG/usr.sbin.smbldap-useradd profiles/apparmor.d/usr.sbin.smbldap-useradd
--- profiles/apparmor.d_ORIG/usr.sbin.smbldap-useradd 1970-01-01 01:00:00.000000000 +0100
+++ profiles/apparmor.d/usr.sbin.smbldap-useradd 2012-04-26 22:37:09.000000000 +0200
@@ -0,0 +1,34 @@
+# Last Modified: Tue Jan 3 00:17:40 2012
+#include <tunables/global>
+
+/usr/sbin/smbldap-useradd {
+ #include <abstractions/base>
+ #include <abstractions/bash>
+ #include <abstractions/nameservice>
+ #include <abstractions/perl>
+
+ /dev/tty rw,
+ /bin/bash ix,
+ /etc/init.d/nscd Cx,
+ /etc/shadow r,
+ /etc/smbldap-tools/smbldap.conf r,
+ /etc/smbldap-tools/smbldap_bind.conf r,
+ /usr/sbin/smbldap-useradd r,
+ /usr/sbin/smbldap_tools.pm r,
+ /var/log/samba/log.smbd w,
+
+ profile /etc/init.d/nscd {
+ #include <abstractions/base>
+ #include <abstractions/nameservice>
+
+ capability sys_ptrace,
+
+ /bin/bash r,
+ /bin/mountpoint rix,
+ /bin/systemctl rix,
+ /dev/tty rw,
+ /etc/init.d/nscd r,
+ /etc/rc.status r,
+
+ }
+}
