Comment # 2 on bug 1166407 from
(In reply to Christian Boltz from comment #1)
> While I somewhat understand why you'd like to see sub-packages, let me ask a
> completely different question:
> 
> What exactly do you need to add to the samba profiles?

For 'usr.sbin.smbd':
  /dev/urandom rw,


For 'usr.sbin.winbindd':
  /dev/urandom rw,

  /var/cache/samba/ rw,

  /var/cache/samba/smb_krb5/ rw,
  /var/cache/samba/smb_krb5/* rwk,
  /var/cache/samba/smb_tmp_krb5.* rwk,
  /var/cache/samba/msg.lock/ rw,
  /var/cache/samba/msg.lock/* rwk,


(For 'usr.sbin.nmbd', all the changes I needed have since been introduced by
on-line updates or upgrades since 15.0).

Some of these extra requirements may be due to the fact that SerNet uses
different default locations during the build environment configuration phase,
or enables some options at that time that are not active in the SUSE builds
(personal hypothesis).

Also, please note that the above extra AppArmor profile contents have been
determined based on the DENIED "audit.log" entries found on a domain client
(i.e. on a client PC joined to the domain). I still need to check whether
further changes may be required to cover:
- a domain member server
- a domain controller

I expect to find out over the coming weeks.
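
The approach described in this comment (collecting the DENIED "audit.log" entries and turning them into profile additions) can be sketched as follows. This is an added example, not part of the original comment and not AppArmor's own tooling. The log records, PIDs and the file name "krb5.conf.EXAMPLE" are constructed, and the record layout assumes quoted name= fields.

```python
import re
from collections import defaultdict
# Constructed sample records in AppArmor's audit.log format (not from the bug report).
SAMPLE_LOG = '''\
type=AVC msg=audit(1584000001.101:201): apparmor="DENIED" operation="open" profile="/usr/sbin/smbd" name="/dev/urandom" pid=2101 comm="smbd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
type=AVC msg=audit(1584000002.202:202): apparmor="DENIED" operation="open" profile="/usr/sbin/winbindd" name="/dev/urandom" pid=2102 comm="winbindd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
type=AVC msg=audit(1584000003.303:203): apparmor="DENIED" operation="mknod" profile="/usr/sbin/winbindd" name="/var/cache/samba/smb_krb5/krb5.conf.EXAMPLE" pid=2102 comm="winbindd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
type=AVC msg=audit(1584000004.404:204): apparmor="DENIED" operation="open" profile="/usr/sbin/winbindd" name="/var/cache/samba/smb_krb5/krb5.conf.EXAMPLE" pid=2102 comm="winbindd" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0
type=AVC msg=audit(1584000005.505:205): apparmor="DENIED" operation="file_lock" profile="/usr/sbin/winbindd" name="/var/cache/samba/smb_krb5/krb5.conf.EXAMPLE" pid=2102 comm="winbindd" requested_mask="k" denied_mask="k" fsuid=0 ouid=0
type=AVC msg=audit(1584000006.606:206): apparmor="ALLOWED" operation="open" profile="/usr/sbin/nmbd" name="/var/cache/samba/EXAMPLE.dat" pid=2103 comm="nmbd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=SYSCALL msg=audit(1584000007.707:207): arch=c000003e syscall=257 success=no exit=-13 comm="winbindd"
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
PERM_ORDER = "rwaklm"              # order used when printing a rule's permissions
WRITE_LIKE = {"c": "w", "d": "w"}  # create/delete are granted by 'w' in a profile rule

def parse_record(line):
    """Split one audit record into a dict of its key=value fields."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD.finditer(line)}

def collect_denials(log_text):
    """Map profile -> path -> set of denied permissions, DENIED records only."""
    denials = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("apparmor") != "DENIED" or "name" not in rec or "profile" not in rec:
            continue  # skips ALLOWED (complain mode) and non-AppArmor records
        perms = {WRITE_LIKE.get(p, p) for p in rec.get("denied_mask", "")}
        denials[rec["profile"]][rec["name"]] |= perms
    return denials

def suggest_rules(log_text):
    """Return profile -> sorted list of candidate rule lines for manual review."""
    out = {}
    for profile, paths in collect_denials(log_text).items():
        rules = []
        for path, perms in sorted(paths.items()):
            if "w" in perms:
                perms = perms - {"a"}  # 'w' and 'a' cannot be combined in one rule
            mode = "".join(p for p in PERM_ORDER if p in perms)  # 'x' is left for manual choice
            if mode:
                rules.append("  %s %s," % (path, mode))
        out[profile] = rules
    return out

if __name__ == "__main__":
    print(suggest_rules(SAMPLE_LOG))
```

The output lists exact paths with only the permissions that were actually denied; widening a path to a glob or adding further permissions remains a manual decision when editing the profile.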

