Comment # 14 on bug 1195412 from
(In reply to Noel Power from comment #10)
> (In reply to Christian Boltz from comment #9)
> > 
> > >  4 removing the cached compiled profile (rm 
> > > /etc/apparmor.d/cache.d/$(somenumber)/usr.sbin.smb)
> > >  5 restart apparmor (rcapparmor start)
> > >  6 restart smbd (rcsmb start)
> > > 
> > > I had to do step 4 (which seems unnecessary, perhaps there is an issue with
> > > apparmor) in order to get the profile to start to work
> > 
> > That indeed sounds unnecessary.
> 
> I'm pretty certain the cached use.sbin.smb binary profile didn't update
> after the apparmor was updated. Is there some special step that one should
> do or is the expectation the cached object should be updated along with the
> new profile ? IIRC if I manually modify a profile to add a new rule and
> restart apparmor it normally sticks (which sounds to me like the update
> should *just* work) 
> 
> I'm going to (later) have a go at reproducing this with a vm (so I can
> snapshot fully back to state before updating)

Well, perhaps I was imagining things :-) I retried this on a fresh leap15.3 vm
(NOTE: leap15.3 has the apparmor update even since this morning)

Samba started fine after the update

localhost:~ # smbd --version
Version 4.13.4-git.187.5ad4708741a1.34-SUSE-oS15.0-x86_64
localhost:~ # zypper up samba apparmor*
Loading repository data...
Reading installed packages...
Resolving package dependencies...

" "

localhost:~ # rpm -qa | grep apparmor-profiles
apparmor-profiles-2.13.6-150300.3.11.2.noarch
localhost:~ # smbd --version
Version 4.15.4-git.324.8332acf1a63150300.3.25.3-SUSE-oS15.0-x86_64


localhost:~ # rcsmb restart
localhost:~ # rcsmb status
● smb.service - Samba SMB Daemon
     Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor pres>
     Active: active (running) since Wed 2022-02-02 15:31:24 GMT; 3s ago
       Docs: man:smbd(8)
             man:samba(7)
             man:smb.conf(5)
    Process: 5606 ExecStartPre=/usr/share/samba/update-apparmor-samba-profile (>
   Main PID: 5617 (smbd)
     Status: "smbd: ready to serve connections..."
      Tasks: 4 (limit: 2346)
     CGroup: /system.slice/smb.service
             ├─5617 /usr/sbin/smbd --foreground --no-process-group
             ├─5619 /usr/sbin/smbd --foreground --no-process-group
             ├─5620 /usr/sbin/smbd --foreground --no-process-group
             └─5622 /usr/lib64/samba/samba-bgqd --ready-signal-fd=47 --parent-w>

Feb 02 15:31:24 localhost.localdomain systemd[1]: Starting Samba SMB Daemon...
Feb 02 15:31:24 localhost.localdomain update-apparmor-samba-profile[5606]: Relo>
Feb 02 15:31:24 localhost.localdomain smbd[5617]: [2022/02/02 15:31:24.358209, >
Feb 02 15:31:24 localhost.localdomain smbd[5617]:   smbd version 4.15.4-git.324>
Feb 02 15:31:24 localhost.localdomain smbd[5617]:   Copyright Andrew Tridgell a>
Feb 02 15:31:24 localhost.localdomain systemd[1]: Started Samba SMB Daemon.

