Bug ID | 1205303 |
---|---|
Summary | AppArmor prevents winbind from starting /usr/sbin/samba-gpupdate |
Classification | openSUSE |
Product | openSUSE Tumbleweed |
Version | Current |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | AppArmor |
Assignee | suse-beta@cboltz.de |
Reporter | david.mulder@suse.com |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |
Winbind needs to be able to execute /usr/sbin/samba-gpupdate in order to apply group policy, but it's being blocked by apparmor: [2022/11/09 11:02:36.004585, 0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler) /usr/sbin/samba-gpupdate: Failed to exec child - Permission denied [2022/11/09 11:02:36.006258, 3] ../../lib/util/util_runcmd.c:319(samba_runcmd_io_handler) samba_runcmd_io_handler: Child /usr/sbin/samba-gpupdate exited 255 [2022/11/09 11:02:36.006294, 0] ../../source3/winbindd/winbindd_gpupdate.c:182(gpupdate_cmd_done) gpupdate_cmd_done: gpupdate failed with exit status 255 type=AVC msg=audit(1668022211.285:471): apparmor="DENIED" operation="exec" profile="winbindd" name="/usr/sbin/samba-gpupdate" pid=9638 comm=74666F726B20776169746572 requested_mask="x" denied_mask="x" fsuid=0 ouid=0