Hello, Am Freitag, 1. November 2013 schrieb lynn:
On Fri, 2013-11-01 at 11:59 +0100, Carlos E. R. wrote:
On 2013-11-01 10:32, lynn wrote:
2013-11-01T09:45:47.551447+01:00 altea kernel: [ 36.449978] type=1400 audit(1383295547.544:34): apparmor="DENIED" operation="open" parent=1 profile="/usr/sbin/smbd" name="/var/lib/sss/pubconf/kdcinfo.HH3.SITE"> You need to allow open file /var/lib/sss/pubconf/kdcinfo.HH3.SITE in profile /usr/sbin/smbd
Is "HH3.SITE" your hostname? If yes, you should allow kdcinfo.* instead.
2013-11-01T09:46:04.195179+01:00 altea kernel: [ 53.093252] type=1400 audit(1383295564.188:42): apparmor="DENIED" operation="file_lock" parent=673 profile="/usr/sbin/smbd" name="/etc/krb5.keytab" pid=908 comm="smbd" requested_mask="k" denied_mask="k" fsuid=0 ouid=0> You need to allow lock of /etc/krb5.keytab
etc.
Hi Yeah. OK, thanks. I've added the files. openSUSE always seems to overlook anything that's kerberized. Even Samba!
Last time I used samba was maybe 4 years ago [1], and I only have a very basic samba config. This also means I don't know every possible config option and what it could require. Can you please open a bugreport with your profile additions? Regards, Christian Boltz [1] just starting it to test the basics of the AppArmor profile (which I did some weeks ago) doesn't count as usage ;-) -- Böse Zungen behaupten, ein unterschriebenes Zertifikat bescheinigt dem Client, daß ein unbekannter Serverbetreiber einem unbekannten CA-Betreiber Geld bezahlt hat. Das ist natürlich für eine Kommunikation eine eher nutzlose Garantie. [http://blog.koehntopp.de/archives/3166-Not-Fixing-SSL.html] -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org