Hello, Am Dienstag, 22. August 2017, 21:58:32 CEST schrieb Seth Arnold: > On Tue, Aug 22, 2017 at 01:09:47PM +0200, Christian Boltz wrote: > > the Samba package used by the INVIS server (based on openSUSE) needs > > some additional Samba permissions for the added ActiveDirectory / > > Kerberos support. > > Is the sss/ms/initgroups change intentional?
Yes, this is intentional - I did the profile updates (on an INVIS server) myself ;-) > Should that go into abstractions/nameservice instead? What about "maybe"? ;-) This was the first time I've seen access to sss/ms/initgroups. I don't really know what it does, so I prefered to only allow it in the smbd profile. If you think it makes sense for abstractions/nameservice, I can change the patch ;-) Regards, Christian Boltz -- So wie yast2 [auf der Konsole] zur Zeit aussieht, ist es das Outlook unter den Konsolenprogrammen: Nämlich die alleinseligmachende, fortge- setzte Normverletzung unter Vorgabe guter Motive. [Ratti in suse-linux]
signature.asc
Description: This is a digitally signed message part.
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
