[Pkg-samba-maint] Bug#896080: Improve samba/AppArmor integration
Mathieu Parent
math.parent at gmail.com
Thu Feb 21 20:26:58 GMT 2019
Hello,
As a last-minute fix for buster, I want to fix "#896080 samba: Improve
AppArmor integration" [SambaAppArmor].
I've prepared the fixes [Diff], inspired by what is done in Suse. But
they also patch apparmor-profiles [AppArmor-Patch]. This solution does
not conforms to policy as a file owned by a package could not be
changed by another one (/etc/apparmor.d/local/usr.sbin.smbd-shares
owned by apparmor-profiles, changed by samba).
I can add in samba's README the need to add "#include
<local/usr.sbin.smbd-shares>" in /etc/apparmor.d/usr.sbin.smbd, but
maybe you have a better solution? Maybe use dpkg-diversion?
Regards
--
Mathieu Parent
[SambaAppArmor]: https://bugs.debian.org/896080
[Diff]: https://salsa.debian.org/samba-team/samba/compare/874f9270b6f743c4d0c3eb1a1a3e1fa814bf25cc...bd4c1577a9b
[AppArmor-Patch]:
https://build.opensuse.org/package/view_file/openSUSE:Factory/apparmor/apparmor-samba-include-permissions-for-shares.diff?expand=1
More information about the Pkg-samba-maint
mailing list