http://bugzilla.opensuse.org/show_bug.cgi?id=945563 http://bugzilla.opensuse.org/show_bug.cgi?id=945563#c1 Lars Müller changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |samba-maintainers@SuSE.de Assignee|samba-maintainers@SuSE.de |suse-beta@cboltz.de --- Comment #1 from Lars Müller --- Thanks for the report! Both profiles - /etc/apparmor.d/usr.sbin.{n,s}mbd - aren't part of the Samba package. They are shipped as part of the apparmor-profiles package. Therefore I'm passing this issue to Christian. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=945563 http://bugzilla.opensuse.org/show_bug.cgi?id=945563#c3 Lars Müller changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(lmuelle@suse.com) | --- Comment #3 from Lars Müller --- (In reply to Christian Boltz from comment #2)

Lars, does winbindd also need those permissions? (I wonder if I should add them to abstractions/samba instead of the individual profiles.)

winbindd suffers from the same issue. As suggested in comment#2 I tested the abstractions/samba approach and the three three services are working while all failed before. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=945563 http://bugzilla.opensuse.org/show_bug.cgi?id=945563#c5 --- Comment #5 from Giuseppe Gorgoglione --- I was late reading your first comment and applied directly the second fix to abstractions/samba. I confirm it works fine. Thank you for your prompt support! -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=945563 http://bugzilla.opensuse.org/show_bug.cgi?id=945563#c9 Christian Boltz changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED |--- Assignee|suse-beta@cboltz.de |lmuelle@suse.com Summary|Samba 3.4.0 does not work |Samba 4.3.0 does not work |because of AppArmor |because of AppArmor --- Comment #9 from Christian Boltz --- For the records - this bugreport is about Samba 4.3, not 3.4 ;-) Also, as discussed on the AppArmor mailinglist, /etc/ is not really a good place for sockets. Therefore reopening and assigning back to Lars ;-) (Please don't wait too long with getting a better path (/run/samba/ ?) - I'd hate to keep /etc/samba/sock/ in the profile, but removing it again is only a sane option if the paths are changed quickly ;-) -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=945563 http://bugzilla.opensuse.org/show_bug.cgi?id=945563#c11 Lars Müller changed: What |Removed |Added ---------------------------------------------------------------------------- CC|lmuelle@suse.com | Assignee|lmuelle@suse.com |suse-beta@cboltz.de --- Comment #11 from Lars Müller --- Thanks for reopening and please (re)adjust the AppArmor package. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=945563 http://bugzilla.opensuse.org/show_bug.cgi?id=945563#c13 Christian Boltz changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution|--- |FIXED --- Comment #13 from Christian Boltz --- . -- You are receiving this mail because: You are on the CC list for the bug.