https://bugzilla.novell.com/show_bug.cgi?id=713728 https://bugzilla.novell.com/show_bug.cgi?id=713728#c2 Christian Boltz <suse-beta@cboltz.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED CC| |jeffm@novell.com, | |suse-beta@cboltz.de AssignedTo|jeffm@novell.com |suse-beta@cboltz.de --- Comment #2 from Christian Boltz <suse-beta@cboltz.de> 2011-08-23 22:24:01 CEST --- Difference / patch against current upstream (AppArmor 2.7 beta1): === modified file 'profiles/apparmor.d/usr.sbin.nmbd' --- profiles/apparmor.d/usr.sbin.nmbd 2011-07-14 12:57:57 +0000 +++ profiles/apparmor.d/usr.sbin.nmbd 2011-08-23 20:16:07 +0000 @@ -7,8 +7,12 @@ capability net_bind_service, + /etc/samba/dhcp.conf r, + /proc/sys/kernel/core_pattern r, /usr/sbin/nmbd mr, /var/cache/samba/browse.dat* rw, + /var/lib/samba/* w, + /var/lib/samba/browse.dat. rw, /var/lib/samba/wins.dat* rw, /{,var/}run/samba/** rk, /{,var/}run/samba/nmbd.pid rw, === modified file 'profiles/apparmor.d/usr.sbin.smbd' --- profiles/apparmor.d/usr.sbin.smbd 2011-07-14 12:57:57 +0000 +++ profiles/apparmor.d/usr.sbin.smbd 2011-08-23 20:14:45 +0000 @@ -18,7 +18,11 @@ /etc/mtab r, /etc/printcap r, + /etc/samba/dhcp.conf r, + /etc/samba/passdb.tdb rwk, + /etc/samba/secrets.tdb rwk, /proc/*/mounts r, + /proc/sys/kernel/core_pattern r, /usr/sbin/smbd mr, /var/cache/samba/** rwk, /var/cache/samba/printing/printers.tdb mrw, I'm a bit worried about the /var/lib/samba/* w, in the nmbd profile. Can you restrict that to specific files? If unsure, attach your /var/log/audit/audit.log and I'll check it myself. Note to myself: Some of these changes are already in the apparmor-profiles-samba-11.4/apparmor-profiles-samba-updated patch (only applied on 11.4:Update, not in Factory) that is currently pending for review upstream. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.