[Pkg-samba-maint] [Git][samba-team/samba][master] 4 commits: Update update-apparmor-samba-profile to 1.2
Mathieu Parent
gitlab at salsa.debian.org
Tue Feb 26 22:19:00 GMT 2019
Mathieu Parent pushed to branch master at Debian Samba Team / samba
Commits:
4109af5a by Mathieu Parent at 2019-02-26T21:07:15Z
Update update-apparmor-samba-profile to 1.2
>From https://bugzilla.opensuse.org/show_bug.cgi?id=1126377,
see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896080#26
- - - - -
a02e8cbb by Mathieu Parent at 2019-02-26T21:17:39Z
Rename apparmor profile snippet, and test for it's directory
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896080#71
- - - - -
909c276d by Mathieu Parent at 2019-02-26T21:18:03Z
Remove /etc/apparmor.d/samba/smbd-shares on purge
- - - - -
acff585f by Mathieu Parent at 2019-02-26T21:18:27Z
Release 2:4.9.4+dfsg-4
- - - - -
4 changed files:
- debian/changelog
- debian/samba.dirs
- debian/samba.postrm
- debian/update-apparmor-samba-profile
Changes:
=====================================
debian/changelog
=====================================
@@ -1,12 +1,15 @@
-samba (2:4.9.4+dfsg-4) UNRELEASED; urgency=medium
+samba (2:4.9.4+dfsg-4) unstable; urgency=medium
* samba-libs: Add Breaks+Replaces: libndr-standard0 (<< 4) (Closes: #910242)
* Improve AppArmor integration (Closes: #896080)
- - Install update-apparmor-samba-profile from Christian Boltz (SUSE)
+ - Install update-apparmor-samba-profile 1.2 from Christian Boltz (openSUSE)
+ - Adapt update-apparmor-samba-profile: Rename apparmor profile snippet, and
+ test for it's directory
- smbd.init: Run update-apparmor-samba-profile before start
- smbd.service: Run update-apparmor-samba-profile before start
+ - Remove /etc/apparmor.d/samba/smbd-shares on purge
- -- Mathieu Parent <sathieu at debian.org> Thu, 21 Feb 2019 21:13:26 +0100
+ -- Mathieu Parent <sathieu at debian.org> Tue, 26 Feb 2019 22:18:19 +0100
samba (2:4.9.4+dfsg-3) unstable; urgency=medium
=====================================
debian/samba.dirs
=====================================
@@ -1,3 +1,4 @@
+etc/apparmor.d/samba
usr/bin
usr/sbin
var/lib/samba/printers/COLOR
=====================================
debian/samba.postrm
=====================================
@@ -13,6 +13,10 @@ if [ "$1" = purge ]; then
# Remove masking done by postinst (#832352)
rm /etc/systemd/system/samba-ad-dc.service
fi
+
+ if [ -f /etc/apparmor.d/samba/smbd-shares ]; then
+ rm /etc/apparmor.d/samba/smbd-shares
+ fi
fi
#DEBHELPER#
=====================================
debian/update-apparmor-samba-profile
=====================================
@@ -8,7 +8,7 @@
# - "/" - if someone is insane enough to share his complete filesystem, he'll have
# to modify the apparmor profile himself
-# (c) Christian Boltz 2011-2016
+# (c) Christian Boltz 2011-2019
# This script is licensed under the GPL v2 or, at your choice, any later version.
@@ -25,7 +25,7 @@ verboseexit() {
}
# if you change this script, _always_ update the version to force an update of the profile sniplet
-versionstring="${0##*/} 1.1"
+versionstring="${0##*/} 1.2+deb"
aastatus="/usr/sbin/aa-status"
aaparser="/sbin/apparmor_parser"
@@ -33,13 +33,13 @@ loadedprofiles="/sys/kernel/security/apparmor/profiles"
smbconf="/etc/samba/smb.conf"
smbd_profile="/etc/apparmor.d/usr.sbin.smbd"
-profilesniplet="/etc/apparmor.d/local/usr.sbin.smbd-shares"
-tmp_profilesniplet="/etc/apparmor.d/local/usr.sbin.smbd-shares.new"
+profilesniplet="/etc/apparmor.d/samba/smbd-shares"
+tmp_profilesniplet="/etc/apparmor.d/samba/smbd-shares.new"
# test -x "$aastatus" || silentexit "apparmor not installed"
# "$aastatus" --enabled || silentexit "apparmor not loaded (or not running as root)"
test -e "$loadedprofiles" || silentexit "apparmor not loaded"
-test -e "$profilesniplet" || silentexit "apparmor profile snippet not available"
+test -d "/etc/apparmor.d/samba" || silentexit "directory for samba profile snippet doesn't exist"
test -r "$loadedprofiles" || verboseexit "no read permissions for $loadedprofiles - not running as root?"
widelinks=$(testparm -s --parameter-name "wide links" 2>/dev/null)
@@ -66,7 +66,7 @@ diff "$profilesniplet" "$tmp_profilesniplet" >/dev/null && {
mv -f "$tmp_profilesniplet" "$profilesniplet"
-grep -q '^/usr/sbin/smbd (' /sys/kernel/security/apparmor/profiles || silentexit "smbd profile not loaded"
+grep -q '^/usr/sbin/smbd (\|^smbd (' /sys/kernel/security/apparmor/profiles || silentexit "smbd profile not loaded"
echo "Reloading updated AppArmor profile for Samba..."
View it on GitLab: https://salsa.debian.org/samba-team/samba/compare/bd4c1577a9b99a501584fe3a663f54f47c91c600...acff585f2bf3e577f18d47dfff83ddf954202e1e
--
View it on GitLab: https://salsa.debian.org/samba-team/samba/compare/bd4c1577a9b99a501584fe3a663f54f47c91c600...acff585f2bf3e577f18d47dfff83ddf954202e1e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20190226/0d97716f/attachment-0001.html>
More information about the Pkg-samba-maint
mailing list