Hello,
smbd stores ACLS in the security.NTACL namespace, which means it needs
capability sys_admin.
References: https://bugzilla.opensuse.org/show_bug.cgi?id=964971
http://samba-technical.samba.narkive.com/eHtOW8DE/nt-acls-using-the-security-namespace-for-ntacl-considered-improper
This adds support to the profile generator script for change_profile
rules, giving the ability to write the 3 factor version of the rule
(e.g. "change_profile /t -> A_PROFILE") which was significantly more
difficult using straight raw rules, which is why we don't have any 3
factor rule tests.
Sign
Hello,
Am Samstag, 19. März 2016, 11:55:09 CET schrieb Steve Beattie:
> On Sun, Feb 21, 2016 at 03:00:06PM +0100, Christian Boltz wrote:
> > exec choices are stored in transitions[], but that's never used
> > (and I don't see a need for it), therefore stop storing it.
> >
> >
> > [ 73-exec-trans
On 2016-03-18 10:42:09, Steve Beattie wrote:
> It's possible to end up unreferencing a kernel_interface object that has
> ->dirfd set to -1. This patch avoids calling close(2) on that fd.
> (close(-1) will just return EBADF anyway.)
>
> Coverity CIDs #55996 and #55997
>
> Signed-off-by: Steve Bea