Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • lts-team/packages/samba
  • thctlo/samba-lintianfix
  • arnaudr/samba
  • jrwren/samba
  • paride/samba
  • athos/samba
  • henrich/samba
  • cnotin/samba
  • mimi89999/samba
  • samba-team/samba
  • ahasenack/samba
  • jrtc27/samba
  • noel/samba
13 results
Show changes
samba (2:4.9.4+dfsg-4) UNRELEASED; urgency=medium
samba (2:4.9.4+dfsg-4) unstable; urgency=medium
* samba-libs: Add Breaks+Replaces: libndr-standard0 (<< 4) (Closes: #910242)
* Improve AppArmor integration (Closes: #896080)
- Install update-apparmor-samba-profile from Christian Boltz (SUSE)
- Install update-apparmor-samba-profile 1.2 from Christian Boltz (openSUSE)
- Adapt update-apparmor-samba-profile: Rename apparmor profile snippet, and
test for it's directory
- smbd.init: Run update-apparmor-samba-profile before start
- smbd.service: Run update-apparmor-samba-profile before start
- Remove /etc/apparmor.d/samba/smbd-shares on purge
-- Mathieu Parent <sathieu@debian.org> Thu, 21 Feb 2019 21:13:26 +0100
-- Mathieu Parent <sathieu@debian.org> Tue, 26 Feb 2019 22:18:19 +0100
samba (2:4.9.4+dfsg-3) unstable; urgency=medium
......
etc/apparmor.d/samba
usr/bin
usr/sbin
var/lib/samba/printers/COLOR
......
......@@ -13,6 +13,10 @@ if [ "$1" = purge ]; then
# Remove masking done by postinst (#832352)
rm /etc/systemd/system/samba-ad-dc.service
fi
if [ -f /etc/apparmor.d/samba/smbd-shares ]; then
rm /etc/apparmor.d/samba/smbd-shares
fi
fi
#DEBHELPER#
......@@ -8,7 +8,7 @@
# - "/" - if someone is insane enough to share his complete filesystem, he'll have
# to modify the apparmor profile himself
# (c) Christian Boltz 2011-2016
# (c) Christian Boltz 2011-2019
# This script is licensed under the GPL v2 or, at your choice, any later version.
......@@ -25,7 +25,7 @@ verboseexit() {
}
# if you change this script, _always_ update the version to force an update of the profile sniplet
versionstring="${0##*/} 1.1"
versionstring="${0##*/} 1.2+deb"
aastatus="/usr/sbin/aa-status"
aaparser="/sbin/apparmor_parser"
......@@ -33,13 +33,13 @@ loadedprofiles="/sys/kernel/security/apparmor/profiles"
smbconf="/etc/samba/smb.conf"
smbd_profile="/etc/apparmor.d/usr.sbin.smbd"
profilesniplet="/etc/apparmor.d/local/usr.sbin.smbd-shares"
tmp_profilesniplet="/etc/apparmor.d/local/usr.sbin.smbd-shares.new"
profilesniplet="/etc/apparmor.d/samba/smbd-shares"
tmp_profilesniplet="/etc/apparmor.d/samba/smbd-shares.new"
# test -x "$aastatus" || silentexit "apparmor not installed"
# "$aastatus" --enabled || silentexit "apparmor not loaded (or not running as root)"
test -e "$loadedprofiles" || silentexit "apparmor not loaded"
test -e "$profilesniplet" || silentexit "apparmor profile snippet not available"
test -d "/etc/apparmor.d/samba" || silentexit "directory for samba profile snippet doesn't exist"
test -r "$loadedprofiles" || verboseexit "no read permissions for $loadedprofiles - not running as root?"
widelinks=$(testparm -s --parameter-name "wide links" 2>/dev/null)
......@@ -66,7 +66,7 @@ diff "$profilesniplet" "$tmp_profilesniplet" >/dev/null && {
mv -f "$tmp_profilesniplet" "$profilesniplet"
grep -q '^/usr/sbin/smbd (' /sys/kernel/security/apparmor/profiles || silentexit "smbd profile not loaded"
grep -q '^/usr/sbin/smbd (\|^smbd (' /sys/kernel/security/apparmor/profiles || silentexit "smbd profile not loaded"
echo "Reloading updated AppArmor profile for Samba..."
......