On Wed, Jan 04, 2012 at 07:43:35PM +0100, Christian Boltz wrote:
> when using smbldap-useradd using this smb.conf entry
> add machine script = /usr/sbin/smbldap-useradd -t 5 -w "%u"
> smbd obviously needs x permissions for smbldap-useradd.
>
> The patch also adds a new profile for usr.sbin.smb
On 01/04/2012 12:09 PM, John Johansen wrote:
> On 01/04/2012 11:54 AM, Christian Boltz wrote:
>> Hello,
>>
>> Am Mittwoch, 4. Januar 2012 schrieb Kees Cook:
>>> On Wed, Jan 04, 2012 at 07:43:35PM +0100, Christian Boltz wrote:
+ profile /etc/init.d/nscd {
+#include
+#include
On 01/04/2012 11:54 AM, Christian Boltz wrote:
> Hello,
>
> Am Mittwoch, 4. Januar 2012 schrieb Kees Cook:
>> On Wed, Jan 04, 2012 at 07:43:35PM +0100, Christian Boltz wrote:
>>> + profile /etc/init.d/nscd {
>>> +#include
>>> +#include
>>> +
>>> +capability sys_ptrace,
>>
>> I wonde
Hello,
Am Mittwoch, 4. Januar 2012 schrieb Kees Cook:
> On Wed, Jan 04, 2012 at 07:43:35PM +0100, Christian Boltz wrote:
> > + profile /etc/init.d/nscd {
> > +#include
> > +#include
> > +
> > +capability sys_ptrace,
>
> I wonder why sys_ptrace keeps showing up in some of these prof
Hi,
On Wed, Jan 04, 2012 at 07:43:35PM +0100, Christian Boltz wrote:
> + profile /etc/init.d/nscd {
> +#include
> +#include
> +
> +capability sys_ptrace,
I wonder why sys_ptrace keeps showing up in some of these profiles. Is this
really needed?
> +/proc/filesystems r,
> +/
Hello,
when using smbldap-useradd using this smb.conf entry
add machine script = /usr/sbin/smbldap-useradd -t 5 -w "%u"
smbd obviously needs x permissions for smbldap-useradd.
The patch also adds a new profile for usr.sbin.smbldap-useradd (based on
the audit.log from alexis Pellicier).
Addi