From b77d354e4819bd58c227a5972589c7496ad939d8 Mon Sep 17 00:00:00 2001
From: John Johansen <john@jjmx.net>
Date: Wed, 17 Jul 2024 08:30:00 +0000
Subject: [PATCH] Merge samba-dcerpcd: allow to execute rpcd_witness

... and extend the samba-rpcd profile to also include rpcd_witness.

Patch by Noel Power <nopower@suse.com>

Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1225811

I propose this patch for 3.x, 4.0 and master.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1256
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
(cherry picked from commit 899c0b3942897c66b30868e59b599a74bde68877)
Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 profiles/apparmor.d/samba-dcerpcd | 2 +-
 profiles/apparmor.d/samba-rpcd    | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

Index: apparmor-3.1.7/profiles/apparmor.d/samba-dcerpcd
===================================================================
--- apparmor-3.1.7.orig/profiles/apparmor.d/samba-dcerpcd
+++ apparmor-3.1.7/profiles/apparmor.d/samba-dcerpcd
@@ -21,7 +21,7 @@ profile samba-dcerpcd /usr/lib*/samba/{,
   /usr/lib*/samba/{,samba/}samba-dcerpcd mr,
 
   /usr/lib*/samba/ r,
-  /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} Px -> samba-rpcd,
+  /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg,witness} Px -> samba-rpcd,
   /usr/lib*/samba/{,samba/}rpcd_classic Px -> samba-rpcd-classic,
   /usr/lib*/samba/{,samba/}rpcd_spoolss Px -> samba-rpcd-spoolss,
 
Index: apparmor-3.1.7/profiles/apparmor.d/samba-rpcd
===================================================================
--- apparmor-3.1.7.orig/profiles/apparmor.d/samba-rpcd
+++ apparmor-3.1.7/profiles/apparmor.d/samba-rpcd
@@ -13,9 +13,9 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-profile samba-rpcd /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} {
+profile samba-rpcd /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg,witness} {
   include <abstractions/samba-rpcd>
-  /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} mr,
+  /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg,witness} mr,
 
   @{run}/samba/ncalrpc/np/winreg wr,