https://bugzilla.novell.com/show_bug.cgi?id=851131
https://bugzilla.novell.com/show_bug.cgi?id=851131#c20
--- Comment #20 from Christian Boltz
profile="/usr/sbin/winbindd" name="/var/cache/krb5rcache/hostname-044_6540"
I think I'll disable apparmor for winbind.
Please don't ;-) Instead, please replace your winbind profile with the profile attached to this comment and run "rcapparmor reload" to load it. Instead of disabling the AppArmor profile for winbind, you can/should switch it to complain mode with aa-complain. This means it allows everything and logs everything the profile wouldn't allow. (Please report all log events so that I can improve the profile.) I'm waiting for the upstream 2.8.4 release and will then submit an update for 13.1 that also includes the updated winbind profile. (You can install apparmor-profiles-2.8.3 from security:apparmor/apparmor_2_8 if you want all updated profiles.) (In reply to comment #18)
(In reply to comment #17)
audit(1410424585.466:41): apparmor="DENIED" operation="capable" parent=1941 profile="/usr/sbin/winbindd" pid=2135 comm="winbindd" pid=2135 comm="winbindd" capability=1 capname="dac_override"
This log message is from # date -d @1410424585.466 Thu Sep 11 10:36:25 CEST 2014
I see this additionally in my logs:
2014-09-03T17:44:34.044481+02:00 iek3150 winbindd[2283]:
Needless to say that this is a totally different date/event ;-)
failed to destroy user krb5 ccache FILE:/tmp/krb5cc_164480 with: Credentials cache permissions incorrect
That's the /tmp/krb5cc_* issue you reported earlier - that's also fixed in the attached profile already. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.