Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • lts-team/packages/samba
  • thctlo/samba-lintianfix
  • arnaudr/samba
  • jrwren/samba
  • paride/samba
  • athos/samba
  • henrich/samba
  • cnotin/samba
  • mimi89999/samba
  • samba-team/samba
  • ahasenack/samba
  • jrtc27/samba
  • noel/samba
13 results
Show changes
samba (2:4.9.4+dfsg-4) UNRELEASED; urgency=medium
* samba-libs: Add Breaks+Replaces: libndr-standard0 (<< 4) (Closes: #910242)
* Improve AppArmor integration (Closes: #896080)
- Install update-apparmor-samba-profile from Christian Boltz (SUSE)
- smbd.init: Run update-apparmor-samba-profile before start
- smbd.service: Run update-apparmor-samba-profile before start
-- Mathieu Parent <sathieu@debian.org> Thu, 21 Feb 2019 21:13:26 +0100
samba (2:4.9.4+dfsg-3) unstable; urgency=medium
[ Ivo De Decker ]
......
......@@ -109,7 +109,8 @@ Multi-Arch: same
Architecture: any
Section: libs
Depends: ${misc:Depends}, ${shlibs:Depends}
Replaces: samba (<< 2:4.3.3+dfsg-1)
Breaks: libndr-standard0 (<< 4)
Replaces: samba (<< 2:4.3.3+dfsg-1), libndr-standard0 (<< 4)
Description: Samba core libraries
Samba is an implementation of the SMB/CIFS protocol for Unix systems,
providing support for cross-platform file sharing with Microsoft Windows, OS X,
......
......@@ -9,3 +9,4 @@ heimdal-rfc3454.txt
nsswitch-Add-try_authtok-option-to-pam_winbind.patch
s3-auth-ignore-create_builtin_guests-failing-without.patch
python-gpg.patch
smbd.service-Run-update-apparmor-samba-profile-befor.patch
From 0ecd28ff3fd7f3d5c20705a2b8233fc8648cbf9c Mon Sep 17 00:00:00 2001
From: Mathieu Parent <math.parent@gmail.com>
Date: Thu, 21 Feb 2019 21:04:30 +0100
Subject: [PATCH] smbd.service: Run update-apparmor-samba-profile before start
Bug-Debian: https://bugs.debian.org/896080
---
packaging/systemd/smb.service.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/packaging/systemd/smb.service.in b/packaging/systemd/smb.service.in
index 18912ef0e98..6bb24861682 100644
--- a/packaging/systemd/smb.service.in
+++ b/packaging/systemd/smb.service.in
@@ -10,6 +10,7 @@ NotifyAccess=all
PIDFile=@PIDDIR@/smbd.pid
LimitNOFILE=16384
EnvironmentFile=-@SYSCONFDIR@/sysconfig/samba
+ExecStartPre=/usr/share/samba/update-apparmor-samba-profile
ExecStart=@SBINDIR@/smbd --foreground --no-process-group $SMBDOPTIONS
ExecReload=/bin/kill -HUP $MAINPID
LimitCORE=infinity
--
2.20.1
......@@ -124,6 +124,7 @@ override_dh_auto_install:
# Debian goodies
cp debian/smb.conf* $(DESTDIR)/usr/share/samba/
install -m755 debian/panic-action $(DESTDIR)/usr/share/samba/panic-action
install -m755 debian/update-apparmor-samba-profile $(DESTDIR)/usr/share/samba/update-apparmor-samba-profile
cp debian/gdbcommands $(DESTDIR)/etc/samba/
mkdir -p $(DESTDIR)/etc/dhcp/dhclient-enter-hooks.d
install -m755 debian/samba-common.dhcp $(DESTDIR)/etc/dhcp/dhclient-enter-hooks.d/samba
......
......@@ -42,3 +42,4 @@ usr/share/man/man8/samba-gpupdate.8
usr/share/man/man8/samba.8
usr/share/man/man8/smbd.8
usr/share/samba/setup
usr/share/samba/update-apparmor-samba-profile
......@@ -31,6 +31,11 @@ case $1 in
exit 0
fi
# Update /etc/apparmor.d/local/usr.sbin.smbd-shares
if [ -x /usr/share/samba/update-apparmor-samba-profile ]; then
/usr/share/samba/update-apparmor-samba-profile || exit $?
fi
log_daemon_msg "Starting SMB/CIFS daemon" smbd
# Make sure we have our PIDDIR, even if it's on a tmpfs
install -o root -g root -m 755 -d $PIDDIR
......
#!/bin/bash
# update apparmor profile sniplet based on samba configuration
#
# This script creates and updates a profile sniplet with permissions for all
# samba shares, except
# - paths with variables (anything containing a % sign)
# - "/" - if someone is insane enough to share his complete filesystem, he'll have
# to modify the apparmor profile himself
# (c) Christian Boltz 2011-2016
# This script is licensed under the GPL v2 or, at your choice, any later version.
# exit silently - used if no profile update is needed
silentexit() {
# echo "$@"
exit 0
}
# exit with an error message
verboseexit() {
echo "$@" >&2
exit 1
}
# if you change this script, _always_ update the version to force an update of the profile sniplet
versionstring="${0##*/} 1.1"
aastatus="/usr/sbin/aa-status"
aaparser="/sbin/apparmor_parser"
loadedprofiles="/sys/kernel/security/apparmor/profiles"
smbconf="/etc/samba/smb.conf"
smbd_profile="/etc/apparmor.d/usr.sbin.smbd"
profilesniplet="/etc/apparmor.d/local/usr.sbin.smbd-shares"
tmp_profilesniplet="/etc/apparmor.d/local/usr.sbin.smbd-shares.new"
# test -x "$aastatus" || silentexit "apparmor not installed"
# "$aastatus" --enabled || silentexit "apparmor not loaded (or not running as root)"
test -e "$loadedprofiles" || silentexit "apparmor not loaded"
test -e "$profilesniplet" || silentexit "apparmor profile snippet not available"
test -r "$loadedprofiles" || verboseexit "no read permissions for $loadedprofiles - not running as root?"
widelinks=$(testparm -s --parameter-name "wide links" 2>/dev/null)
test "$widelinks" == "Yes" && {
echo "[$(date '+%Y/%m/%d %T')] $(basename $0)"
echo ' WARNING: "wide links" enabled. You might need to modify the smbd apparmor profile manually.'
} >> /var/log/samba/log.smbd
grep -q "$versionstring" "$profilesniplet" && {
test "$smbconf" -nt "$profilesniplet" || silentexit "smb.conf is older than the AppArmor profile sniplet"
}
{
echo "# autogenerated by $versionstring at samba start - do not edit!"
echo ""
testparm -s 2>/dev/null |sed -n '/^[ \t]*path[ \t]*=[ \t]*[^% \t]\{2,\}/ s^[ \t]*path[ \t]*=[ \t]*\([^%]*\)$"\1/" rk,\n"\1/**" rwkl,p'
} > "$tmp_profilesniplet"
diff "$profilesniplet" "$tmp_profilesniplet" >/dev/null && {
rm -f "$tmp_profilesniplet"
touch "$profilesniplet" # update timestamp - otherwise we'll have to check again on the next run
silentexit "profile sniplet unchanged"
}
mv -f "$tmp_profilesniplet" "$profilesniplet"
grep -q '^/usr/sbin/smbd (' /sys/kernel/security/apparmor/profiles || silentexit "smbd profile not loaded"
echo "Reloading updated AppArmor profile for Samba..."
# reload profile
"$aaparser" -r "$smbd_profile"
......@@ -10,6 +10,7 @@ NotifyAccess=all
PIDFile=@PIDDIR@/smbd.pid
LimitNOFILE=16384
EnvironmentFile=-@SYSCONFDIR@/sysconfig/samba
ExecStartPre=/usr/share/samba/update-apparmor-samba-profile
ExecStart=@SBINDIR@/smbd --foreground --no-process-group $SMBDOPTIONS
ExecReload=/bin/kill -HUP $MAINPID
LimitCORE=infinity
......