Comment # 9 on bug 1195463 from 
(In reply to Christian Boltz from comment #8)
> From the log in the original report:
> > type=AVC msg=audit(1643828237.305:807): apparmor="DENIED" operation="open" profile="smbd" name="/etc/ssl/openssl.cnf" pid=6144 comm="smbd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
> 
> IIRC I've never seen Samba trying to read the openssl.cnf (but I have to
> admit that I use it only rarely). Do you have a special/unusual samba config
> that could explain it?
> 
> @Noel: if you have an idea, feel free to answer as well ;-)
no idea, sorry, I'm guessing this must be pulled in by some external library
used by samba. I've cc'ed samba-maintainers so maybe someone else here might
have an idea 
> 
> > type=AVC msg=audit(1643828237.385:809): apparmor="DENIED" operation="exec" profile="smbd" name="/usr/lib64/samba/samba-bgqd" pid=6148 comm="smbd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
> 
> I assume that was fixed by deleting the cache?
> 
> Also, if you see other DENIED events, please tell me.
> 
> 
> Unfortunately I'm still not sure why you needed to delete the cache.
> 
> The "same as current profile, skipping" log entries from comment 5 happened
> at the same time as the updated apparmor-profiles package was installed.
> This means AppArmor thought the cache was new enough. While this happens on
> the kernel side, it could also be caused by apparmor_parser - if it thinks
> the cache is up to date, it just passes the cache to the kernel. (The cache
> is checked based on the timestamp of the profile and all included files,
> unfortunately not based on the content of those files)
> 
> My guess was that you might have a
> /etc/apparmor.d/local/usr.sbin.smbd-shares (generated from your smb.conf)
> that is newer than the new packaged smbd profile - but your
> usr.sbin.smbd-shares is a year old, so my guess doesn't fit your case.
> Would have been too easy ;-) and I'm somewhat afraid that in your case it
> might stay a mystery what exactly happened.

I have experienced cache related problems a couple of times recently, however
every time I try to pin it down and reproduce it I have failed :/

You are receiving this mail because: