(In reply to Christian Boltz from comment #1) > While I somewhat understand why you'd like to see sub-packages, let me ask a > completely different question: > > What exactly do you need to add to the samba profiles? For 'usr.sbin.smbd': /dev/urandom rw, For 'usr.sbin.winbindd': /dev/urandom rw, /var/cache/samba/ rw, /var/cache/samba/smb_krb5/ rw, /var/cache/samba/smb_krb5/* rwk, /var/cache/samba/smb_tmp_krb5.* rwk, /var/cache/samba/msg.lock/ rw, /var/cache/samba/msg.lock/* rwk, (For 'usr.sbin.nmbd', all the changes I needed have since been introduced by on-line updates or upgrades since 15.0). Some of these extra requirements may be due to the fact that SerNet uses different default locations during the build environment configuration phase, or enables some options at that time that are not active in the SUSE builds (personal hypothesis). Also, please note that the above extra AppArmor profile contents has been determined based on the DENIED "audit.log" entries found on a domain client (i.e. on a client PC joined to the domain). I still need to check whether further changes may be required to cover: - a domain member server - a domain controller I expect to find out over the coming weeks.