logo

apparmor.d

Unnamed repository; edit this file 'description' to name the repository. git clone https://hacktivis.me/git/apparmor.d.git

usr.sbin.smbd (2156B)

    

  1. abi <abi/3.0>,
  3. include <tunables/global>
  5. profile smbd /usr/{bin,sbin}/smbd {
  6.   include <abstractions/authentication>
  7.   include <abstractions/base>
  8.   include <abstractions/consoles>
  9.   include <abstractions/cups-client>
  10.   include <abstractions/nameservice>
  11.   include <abstractions/openssl>
  12.   include <abstractions/samba>
  13.   include <abstractions/user-tmp>
  14.   include <abstractions/wutmp>
  16.   capability audit_write,
  17.   capability dac_override,
  18.   capability dac_read_search,
  19.   capability fowner,
  20.   capability lease,
  21.   capability net_bind_service,
  22.   capability setgid,
  23.   capability setuid,
  24.   capability sys_admin,
  25.   capability sys_resource,
  26.   capability sys_tty_config,
  28.   signal send set=term peer=samba-bgqd,
  30.   /etc/mtab r,
  31.   /etc/netgroup r,
  32.   /etc/printcap r,
  33.   /etc/samba/* rwk,
  34.   @{PROC}/@{pid}/mounts r,
  35.   @{PROC}/sys/kernel/core_pattern r,
  36.   /usr/lib*/samba/vfs/*.so mr,
  37.   /usr/lib*/samba/auth/*.so mr,
  38.   /usr/lib*/samba/charset/*.so mr,
  39.   /usr/lib*/samba/gensec/*.so mr,
  40.   /usr/lib*/samba/pdb/*.so mr,
  41.   /usr/lib*/samba/{,samba/}samba-bgqd Px -> samba-bgqd,
  42.   /usr/lib*/samba/{,samba/}samba-dcerpcd Px -> samba-dcerpcd,
  43.   /usr/lib*/samba/{lowcase,upcase,valid}.dat r,
  44.   /usr/lib/@{multiarch}/samba/*.so{,.[0-9]*} mr,
  45.   /usr/lib/@{multiarch}/samba/**/ r,
  46.   /usr/lib/@{multiarch}/samba/**/*.so{,.[0-9]*} mr,
  47.   /usr/share/samba/** r,
  48.   /usr/{bin,sbin}/smbd mr,
  49.   /usr/{bin,sbin}/smbldap-useradd Px,
  50.   /var/cache/samba/** rwk,
  51.   /var/{cache,lib}/samba/printing/printers.tdb mrw,
  52.   /var/lib/nscd/netgroup r,
  53.   /var/lib/samba/** rwk,
  54.   /var/lib/sss/pubconf/kdcinfo.* r,
  55.   @{run}/dbus/system_bus_socket rw,
  56.   @{run}/{,samba/}smbd.pid rwk,
  57.   @{run}/samba/** rk,
  58.   @{run}/samba/ncalrpc/ rw,
  59.   @{run}/samba/ncalrpc/** rw,
  60.   /var/spool/samba/** rw,
  62.   @{HOMEDIRS}/** lrwk,
  63.   /var/lib/samba/usershares/{,**} lrwk,
  65.   # Permissions for all configured shares (file autogenerated by
  66.   # update-apparmor-samba-profile on service startup on Debian and openSUSE)
  67.   include if exists <samba/smbd-shares>
  68.   include if exists <local/usr.sbin.smbd-shares>
  70.   # Site-specific additions and overrides. See local/README for details.
  71.   include if exists <local/usr.sbin.smbd>
  72. }