[Pkg-samba-maint] [Git][samba-team/samba][master] 4 commits: Update update-apparmor-samba-profile to 1.2

Mathieu Parent gitlab at salsa.debian.org
Tue Feb 26 22:19:00 GMT 2019


Mathieu Parent pushed to branch master at Debian Samba Team / samba


Commits:
4109af5a by Mathieu Parent at 2019-02-26T21:07:15Z
Update update-apparmor-samba-profile to 1.2

>From https://bugzilla.opensuse.org/show_bug.cgi?id=1126377,
see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896080#26

- - - - -
a02e8cbb by Mathieu Parent at 2019-02-26T21:17:39Z
Rename apparmor profile snippet, and test for it's directory

See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896080#71

- - - - -
909c276d by Mathieu Parent at 2019-02-26T21:18:03Z
Remove /etc/apparmor.d/samba/smbd-shares on purge

- - - - -
acff585f by Mathieu Parent at 2019-02-26T21:18:27Z
Release 2:4.9.4+dfsg-4

- - - - -


4 changed files:

- debian/changelog
- debian/samba.dirs
- debian/samba.postrm
- debian/update-apparmor-samba-profile


Changes:

=====================================
debian/changelog
=====================================
@@ -1,12 +1,15 @@
-samba (2:4.9.4+dfsg-4) UNRELEASED; urgency=medium
+samba (2:4.9.4+dfsg-4) unstable; urgency=medium
 
   * samba-libs: Add Breaks+Replaces: libndr-standard0 (<< 4) (Closes: #910242)
   * Improve AppArmor integration (Closes: #896080)
-    - Install update-apparmor-samba-profile from Christian Boltz (SUSE)
+    - Install update-apparmor-samba-profile 1.2 from Christian Boltz (openSUSE)
+    - Adapt update-apparmor-samba-profile: Rename apparmor profile snippet, and
+      test for it's directory
     - smbd.init: Run update-apparmor-samba-profile before start
     - smbd.service: Run update-apparmor-samba-profile before start
+    - Remove /etc/apparmor.d/samba/smbd-shares on purge
 
- -- Mathieu Parent <sathieu at debian.org>  Thu, 21 Feb 2019 21:13:26 +0100
+ -- Mathieu Parent <sathieu at debian.org>  Tue, 26 Feb 2019 22:18:19 +0100
 
 samba (2:4.9.4+dfsg-3) unstable; urgency=medium
 


=====================================
debian/samba.dirs
=====================================
@@ -1,3 +1,4 @@
+etc/apparmor.d/samba
 usr/bin
 usr/sbin
 var/lib/samba/printers/COLOR


=====================================
debian/samba.postrm
=====================================
@@ -13,6 +13,10 @@ if [ "$1" = purge ]; then
 		# Remove masking done by postinst (#832352)
 		rm /etc/systemd/system/samba-ad-dc.service
 	fi
+
+	if [ -f /etc/apparmor.d/samba/smbd-shares ]; then
+		rm /etc/apparmor.d/samba/smbd-shares
+	fi
 fi
 
 #DEBHELPER#


=====================================
debian/update-apparmor-samba-profile
=====================================
@@ -8,7 +8,7 @@
 # - "/" - if someone is insane enough to share his complete filesystem, he'll have
 #   to modify the apparmor profile himself
 
-# (c) Christian Boltz 2011-2016
+# (c) Christian Boltz 2011-2019
 # This script is licensed under the GPL v2 or, at your choice, any later version.
 
 
@@ -25,7 +25,7 @@ verboseexit() {
 }
 
 # if you change this script, _always_ update the version to force an update of the profile sniplet
-versionstring="${0##*/} 1.1"
+versionstring="${0##*/} 1.2+deb"
 
 aastatus="/usr/sbin/aa-status"
 aaparser="/sbin/apparmor_parser"
@@ -33,13 +33,13 @@ loadedprofiles="/sys/kernel/security/apparmor/profiles"
 
 smbconf="/etc/samba/smb.conf"
 smbd_profile="/etc/apparmor.d/usr.sbin.smbd"
-profilesniplet="/etc/apparmor.d/local/usr.sbin.smbd-shares"
-tmp_profilesniplet="/etc/apparmor.d/local/usr.sbin.smbd-shares.new"
+profilesniplet="/etc/apparmor.d/samba/smbd-shares"
+tmp_profilesniplet="/etc/apparmor.d/samba/smbd-shares.new"
 
 # test -x "$aastatus" || silentexit "apparmor not installed"
 # "$aastatus" --enabled || silentexit "apparmor not loaded (or not running as root)"
 test -e "$loadedprofiles" || silentexit "apparmor not loaded"
-test -e "$profilesniplet" || silentexit "apparmor profile snippet not available"
+test -d "/etc/apparmor.d/samba" || silentexit "directory for samba profile snippet doesn't exist"
 test -r "$loadedprofiles" || verboseexit "no read permissions for $loadedprofiles - not running as root?"
 
 widelinks=$(testparm -s --parameter-name "wide links" 2>/dev/null)
@@ -66,7 +66,7 @@ diff "$profilesniplet" "$tmp_profilesniplet" >/dev/null && {
 
 mv -f "$tmp_profilesniplet" "$profilesniplet"
 
-grep -q '^/usr/sbin/smbd (' /sys/kernel/security/apparmor/profiles || silentexit "smbd profile not loaded"
+grep -q '^/usr/sbin/smbd (\|^smbd (' /sys/kernel/security/apparmor/profiles || silentexit "smbd profile not loaded"
 
 echo "Reloading updated AppArmor profile for Samba..."
 



View it on GitLab: https://salsa.debian.org/samba-team/samba/compare/bd4c1577a9b99a501584fe3a663f54f47c91c600...acff585f2bf3e577f18d47dfff83ddf954202e1e

-- 
View it on GitLab: https://salsa.debian.org/samba-team/samba/compare/bd4c1577a9b99a501584fe3a663f54f47c91c600...acff585f2bf3e577f18d47dfff83ddf954202e1e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20190226/0d97716f/attachment-0001.html>


More information about the Pkg-samba-maint mailing list