On Saturday 25 Jun 2011 19:56:26 you wrote:
On 6/25/2011 1:17 AM, lynn wrote:
The Samba with apparmor still doesn't work. Serious network users need networking That Works out of the box.
Cheers. L x
I can't comment on any of your other points, but the above is simply not true. Samba works fine with AppArmor.
The "out of the box" bit suggests you want to put it up with no configuration and expect it to work immediately, which, if it would work that way would be rather insecure, and / or require omniscience that no one really has.
So just a small amount of configuration is necessary for AppArmor.
Leave AppArmor running and fire up samba. It will probably fail.
As root Open Yast and select Update Profile Wizard. (or use command line "genprof")
It will list everything Samba tried to access before AppArmor shut it down for access violations.
Look carefully at these to make sure they are Samba related (under the scenario of a new machine they always will be), and use the controls in the Profile Wizard to allow access to these.
Restart Samba.
Rinse, lather, repeat. Each time Samba gets a little farther. The whole process takes about 5 minutes and about 3 to 5 retries.
When Samba is up and running, have someone open a few files . Probably AppArmor will stop that as well.
Again launch profile wizard, but this time notice that "Glob" button. So even tho the user tried to open /corporate/data/historical-documents/fy1993-capital-budget.doc you don't want to be building AppArmor rules for that level of detail. So each time you hit the Glob button, it will remove a directory node. In this case you would hit glob till only /corporate was left in the path and tell AppArmor to go ahead with that.
This whole process takes 15 minutes, and then its done. You have your Samba and your AppArmor too. I don't think that is too much for a System Administrator to do.
Should the Samba configuration also tap AppArmor on the shoulder and tell the detailed changes it needs? Perhaps. But instead of writing code to be inserted in every project, (A never ending task), the AppArmor guys wrote a wizard that can figure out what is needed for ANY package, and give the user detailed control over it.
So you can just as easily customize the AppArmor profiles on the fly.
I haven't had a bit of trouble with AppArmor and Samba since I did this.
There should be some rather lucid html documentation on this located in /usr/share/doc/manual/opensuse-manuals/cha.apparmor.start.html but quite frankly it just started playing with the wizard in yast and figured it out. Well I tried that and the only way Samba would work was to disable apparmor. That was months ago but it's still working. N. What I was looking for was a fix, not stp staty worksround. Thanks for repling in detil though. Lx -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org