http://bugzilla.opensuse.org/show_bug.cgi?id=1195463 http://bugzilla.opensuse.org/show_bug.cgi?id=1195463#c12 --- Comment #12 from Noel Power <nopower@suse.com> --- (In reply to Christian Boltz from comment #11)
That log basically shows 3 [groups of] denials: - capability net_admin -> bug 1196922 aka bug 1196850 comment #3 - /proc/*/fd/ -> https://gitlab.com/apparmor/apparmor/-/merge_requests/860 - smbd and samba-bgqd reading /etc/ssl/openssl.cnf -> this bugzilla comment
Allowing to read the openssl config is quite harmless. Also, samba.spec contains BuildRequires: libopenssl-devel so reading openssl.cnf isn't too surprising. yep, correct
(In reply to Noel Power from comment #9)
I have experienced cache related problems a couple of times recently, however every time I try to pin it down and reproduce it I have failed :/
Timestamps of the profiles and indirectly also your samba config (via the autogenerated profile sniplet) are relevant, which makes reproducing harder.
If that happens again, please save the following files and directories in a tarball (timestamps are most important, but in worst case it's also possible to investigate the content of the cache files): - /etc/samba/smb.conf (or at least its timestamp) - /etc/apparmor.d/ - /var/cache/apparmor/ - /usr/share/apparmor/cache/ - /var/log/audit/audit.log
Thanks for pointing out the important information to save, I will keep an eye out, hopefully I will experience this again soon so I remember this bug and/or the instructions :-) -- You are receiving this mail because: You are on the CC list for the bug.