https://bugzilla.novell.com/show_bug.cgi?id=666450 https://bugzilla.novell.com/show_bug.cgi?id=666450#c31 Christian Boltz <suse-beta@cboltz.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW CC| |suse-beta@cboltz.de InfoProvider|Joachim.Reichelt@helmholtz- | |hzi.de | --- Comment #31 from Christian Boltz <suse-beta@cboltz.de> 2011-04-17 13:52:27 CEST --- (Resetting needinfo to Joachim - IMHO there was enough feedback from other people. Joachim, you may still add your comment of course ;-) (In reply to comment #30)
...parent=2686 profile="/usr/sbin/smbd" name="/mnt/d04/pub/" pid=10299 ...
You are opening a can of worms ;-) because samba shares can basically be every directory on your system depending on the samba config. The profile has @{HOMEDIRS}/** lrwk, which means read and write permissions for home directories (/home/*). There are two options to solve this in a clean way: a) edit /etc/apparmor.d/tunables/home or (better) /etc/apparmor.d/tunables/home.d/site.local and add your /mnt/d04/pub directory to @{HOMEDIRS} b) have a separate tunable for samba shares, maybe /etc/apparmor.d/tunables/samba. It could contain: @{SMBSHARE}=@{HOMEDIRS} /mnt/d04/pub (default value should be @{HOMEDIRS}) Jeff, what do you think about having a separate @{SMBSHARE} tunable? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.