# ------------------------------------------------------------------
#
#    Copyright (C) 2022 SUSE LLC
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
# vim:syntax=apparmor

abi <abi/3.0>,

include <tunables/global>
profile samba-rpcd-spoolss /usr/lib*/samba/{,samba/}rpcd_spoolss {
  include <abstractions/samba-rpcd>
  include <abstractions/openssl>
  include <abstractions/cups-client>

  /var/tmp/krb5_@{uid}.rcache2 rwk,
  /usr/lib*/samba/{,samba/}rpcd_spoolss mr,
  /usr/lib*/samba/{,samba/}samba-bgqd Px -> samba-bgqd,
  /var/cache/samba/printing/ w,
  /var/cache/samba/printing/*.tdb rwk,
  @{run}/{,samba/}samba-bgqd.pid rk,

  /dev/urandom rw,

  @{run}/samba/ncalrpc/ rw,
  @{run}/samba/ncalrpc/** rw,

  # Permissions for printing related changes that depend on
  # values in smb.conf like path to special 'printers' share
  # (file autogenerated by
  # update-apparmor-samba-profile on service startup
  include if exists <local/usr.sbin.samba_spools>
  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/samba-rpcd-spoolss>
}
