[Samba] AppArmor Rules for Samba AD DC on Ubuntu 14.04 LTS (was: Re: BIND 9.9 apparmor rules with Samba)

Jim Seymour jseymour at LinxNet.com
Thu Sep 3 13:12:46 UTC 2015

Hi All,

Through interpreting what the current Wiki article says, plus some
trial and error: The following AppArmor rules *appear* to work for a
Samba AD DC using the stuff from the distro for Ubuntu 14.04 LTS:

$ cat /etc/apparmor.d/local/usr.sbin.named
# Site-specific additions and overrides for usr.sbin.named.
# For more details, please see /etc/apparmor.d/local/README.
/dev/urandom w,
/usr/lib/i386-linux-gnu/ldb/modules/ldb/** rm,
/usr/lib/i386-linux-gnu/samba/** rm,
/var/lib/samba/private/dns.keytab r,
/var/lib/samba/private/named.conf r,
/var/lib/samba/private/dns/** rwk,

But, mind you: I'm a Samba AD DC and AppArmor n00b, and I don't
actually have Samba *running* yet, so caveat emptor :)

Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.
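
An added example, not part of the original post: since the rules above came from trial and error and were not yet tested against a running DC, this sketch checks AppArmor DENIED audit lines for the named profile against those rules and lists what they still do not cover. The log lines, the x86_64 and /tmp paths, and the function names are constructed assumptions; the glob matching is a simplified version of AppArmor's.

```python
import re

# Rules from the post's /etc/apparmor.d/local/usr.sbin.named (glob, perms).
RULES = [
    ("/dev/urandom", "w"),
    ("/usr/lib/i386-linux-gnu/ldb/modules/ldb/**", "rm"),
    ("/usr/lib/i386-linux-gnu/samba/**", "rm"),
    ("/var/lib/samba/private/dns.keytab", "r"),
    ("/var/lib/samba/private/named.conf", "r"),
    ("/var/lib/samba/private/dns/**", "rwk"),
]

# Constructed sample audit lines (not from the post); paths are illustrative.
SAMPLE_LOG = """\
audit: apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/var/lib/samba/private/dns/sam.ldb" pid=1201 comm="named" requested_mask="rw" denied_mask="rw"
audit: apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/usr/lib/x86_64-linux-gnu/samba/constructed-example.so" pid=1201 comm="named" requested_mask="r" denied_mask="r"
audit: apparmor="DENIED" operation="mknod" profile="/usr/sbin/named" name="/var/lib/samba/private/dns.keytab" pid=1201 comm="named" requested_mask="c" denied_mask="c"
audit: apparmor="DENIED" operation="open" profile="/usr/sbin/smbd" name="/tmp/constructed-example" pid=1300 comm="smbd" requested_mask="r" denied_mask="r"
"""

FIELD = re.compile(r'(\w+)="([^"]*)"')
GLOB = {"**": ".*", "*": "[^/]*", "?": "[^/]"}

def glob_to_regex(glob):
    # Simplified AppArmor globbing: {a,b} and [abc] are not handled.
    parts = re.split(r"(\*\*|\*|\?)", glob)
    return re.compile("".join(GLOB.get(p, re.escape(p)) for p in parts) + r"\Z")

def uncovered(log_text, profile="/usr/sbin/named", rules=RULES):
    """Return sorted (path, missing_perms) for denials the rules do not cover."""
    compiled = [(glob_to_regex(g), set(p)) for g, p in rules]
    gaps = {}
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("apparmor") != "DENIED" or f.get("profile") != profile:
            continue
        # Log masks use c (create) and d (delete); both fall under rule perm w.
        need = {"w" if ch in "cd" else ch for ch in f.get("denied_mask", "")}
        name = f.get("name", "")
        granted = set().union(*(p for rx, p in compiled if rx.match(name)))
        if need - granted:
            gaps.setdefault(name, set()).update(need - granted)
    return sorted((path, "".join(sorted(m))) for path, m in gaps.items())

if __name__ == "__main__":
    for path, perms in uncovered(SAMPLE_LOG):
        print(f"not covered: {path} needs {perms}")
```

On a real host, pass the kernel log text (for example the output of dmesg) in place of SAMPLE_LOG.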
