[Bug 945563] New: Samba 3.4.0 does not work because of AppArmor
http://bugzilla.opensuse.org/show_bug.cgi?id=945563 Bug ID: 945563 Summary: Samba 3.4.0 does not work because of AppArmor Classification: openSUSE Product: openSUSE Factory Version: 201505* Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Samba Assignee: samba-maintainers@SuSE.de Reporter: gorgoglione@gmail.com QA Contact: samba-maintainers@SuSE.de Found By: --- Blocker: --- Created attachment 647048 --> http://bugzilla.opensuse.org/attachment.cgi?id=647048&action=edit audit.log Tumbleweed Snapshot 20150909 introduced Samba 3.4.0. After this update, Samba services nmbd and smbd do not start anymore because of now inadequate AppArmor permissions. The following commands temporarily fix the issue:
aa-complain /etc/apparmor.d/usr.sbin.smbd aa-complain /etc/apparmor.d/usr.sbin.nmbd systemctl resatart smbd.service systemctl resatart nmbd.service
In attachment you can find the audit.log file collected after enabling the aa-complain. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=945563
http://bugzilla.opensuse.org/show_bug.cgi?id=945563#c1
Lars Müller
http://bugzilla.opensuse.org/show_bug.cgi?id=945563
http://bugzilla.opensuse.org/show_bug.cgi?id=945563#c2
Christian Boltz
http://bugzilla.opensuse.org/show_bug.cgi?id=945563
http://bugzilla.opensuse.org/show_bug.cgi?id=945563#c3
Lars Müller
Lars, does winbindd also need those permissions? (I wonder if I should add them to abstractions/samba instead of the individual profiles.)
winbindd suffers from the same issue. As suggested in comment#2 I tested the abstractions/samba approach and the three three services are working while all failed before. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=945563
http://bugzilla.opensuse.org/show_bug.cgi?id=945563#c4
--- Comment #4 from Christian Boltz
http://bugzilla.opensuse.org/show_bug.cgi?id=945563
http://bugzilla.opensuse.org/show_bug.cgi?id=945563#c5
--- Comment #5 from Giuseppe Gorgoglione
http://bugzilla.opensuse.org/show_bug.cgi?id=945563
http://bugzilla.opensuse.org/show_bug.cgi?id=945563#c6
Christian Boltz
http://bugzilla.opensuse.org/show_bug.cgi?id=945563
http://bugzilla.opensuse.org/show_bug.cgi?id=945563#c9
Christian Boltz
http://bugzilla.opensuse.org/show_bug.cgi?id=945563
http://bugzilla.opensuse.org/show_bug.cgi?id=945563#c10
--- Comment #10 from Lars Müller
http://bugzilla.opensuse.org/show_bug.cgi?id=945563
http://bugzilla.opensuse.org/show_bug.cgi?id=945563#c11
Lars Müller
http://bugzilla.opensuse.org/show_bug.cgi?id=945563
http://bugzilla.opensuse.org/show_bug.cgi?id=945563#c12
--- Comment #12 from Christian Boltz
I'm sorry, but /etc/samba/sock/ has to be replaced by
/var/lib/samba/private/sock
abstractions/samba already contains /var/lib/samba/** rwk, so the only thing I need to do is to drop the patch that adds /etc/samba/sock/ ;-) Since the patch didn't enter Factory yet (the SR was still pending), I just removed all traces of it (including the .changes entry) and sent a new SR.
We found a quite old packaging bug in the SUSE Samba package which has its roots ten years back.
- --with-privatedir=%{CONFIGDIR} Oh, nice ;-) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=945563
http://bugzilla.opensuse.org/show_bug.cgi?id=945563#c13
Christian Boltz
http://bugzilla.opensuse.org/show_bug.cgi?id=945563
http://bugzilla.opensuse.org/show_bug.cgi?id=945563#c14
--- Comment #14 from Lars Müller
participants (1)
-
bugzilla_noreply@novell.com