Hello,

On Saturday, 5 November 2022, 19:00:03 CET, Carlos E. R. wrote:
Unrelated, but this post reminded me that I had an issue with samba and AA in Leap 15.3, which I have been ignoring, till today; aa-logprof just added these lines:
--- /etc/apparmor.d/usr.sbin.smbd 2022-04-15 20:39:33.840172862
+ owner /proc/*/fd/ r, + owner /{,var/}run/samba/** rwk,
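Review bot: the second added rule, "owner /{,var/}run/samba/** rwk,", grants write and lock access to every file below the samba run directory, while the aa-logprof event quoted further down concerns only /run/samba/samba-bgqd.pid (old mode rk, new mode owner rwk). Narrow it to that one path, for example "owner /{,var/}run/samba/samba-bgqd.pid rwk,", so the profile allows only what was actually observed. The first rule, "owner /proc/*/fd/ r,", is read-only and globs only the PID, which matches the logged path /proc/2524/fd/.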
Your second rule looks a bit broad, but let's see...
The errors were:
Profile: smbd
Path: /proc/2524/fd/
New Mode: owner r
Severity: 6

[1 - owner /proc/*/fd/ r,]
2 - owner /proc/2524/fd/ r,
(A)llow / [(D)eny] / (I)gnore / (G)lob / Glob with (E)xtension / (N)ew / Audi(t) / (O)wner permissions off / Abo(r)t / (F)inish
That looks sane.
Profile: smbd
Path: /run/samba/samba-bgqd.pid
Old Mode: rk
New Mode: owner rwk
Severity: unknown

[1 - owner /{,var/}run/samba/** rwk,]
2 - owner /run/samba/samba-bgqd.pid rwk,
(A)llow / [(D)eny] / (I)gnore / (G)lob / Glob with (E)xtension / (N)ew / Audi(t) / (O)wner permissions off / Abo(r)t / (F)inish
Adding owner /{,var/}run/samba/** rwk, to profile.
Picking the second option here would have been better / more secure.

That said - I'm surprised why smbd wants to write the pid file of samba-bgqd. @Noel: does this sound correct to you? (I know that smbd starts samba-bgqd, but I'd expect - without looking at any source code - that samba-bgqd writes its pid file.)

Carlos, if you still have the audit.log for these two events, please send it to me off-list.

Regards,

Christian Boltz
--
What does that mean. Am I guilty? Of course, but what am I accused for? ;-)
[Hans-Peter Jansen in opensuse-factory]