Thanks! The 'disable spoolss = yes' did the trick for me. I already had everything else related to printing disabled, but smb still wouldn't start. It might be related to the apparmor profile for samba, because I got a 'permission denied' error in my 'systemctl status smb' output... On Wed, Feb 2, 2022 at 11:04 AM cagsm wrote:

On Wed, Feb 2, 2022 at 9:28 AM Carlos E. R. wrote:

...

On 2022-02-02 04:45, Larry Len Rainey wrote:

...

Samba broke in todays 15.3 update - is it apparmor or bug? Status: "daemon failed to start: Samba failed to init printing subsystem"

same here with the smb.service giving this error after the latest samba patches from some hours ago. as I have not changed anything on the machine and suddenly samba dieing it took me while to figure out a work around. some several years old hits on the interwebs search wrote about simply disabling printing stuff in smb.conf

they advised about adding the line in the global section:

disable spoolss = yes

to smb.conf. and i also disabled some other print stuff such as

# printing = cups # printcap name = cups # printcap cache time = 750 # cups options = raw

i dont use any kind of printer on or with the machine.

these settings helped so far. dunno why samba patches need to bring down the whole samba :( ty.

-- Met vriendelijke groet / Best regards, Wilfred van Velzen

I don't really need it because I don't need printing through samba, but I'm curious, so I tried it: # aa-logprof Reading log entries from /var/log/audit/audit.log. Updating AppArmor profiles in /etc/apparmor.d. Target profile exists: /etc/apparmor.d/samba-bgqd Profile: smbd Execute: /usr/lib64/samba/samba-bgqd Severity: unknown (I)nherit / (C)hild / (P)rofile / (N)amed / (U)nconfined / (X) ix On / (D)eny / Abo(r)t / (F)inish I have no clue what to choose here. And there seems to be a big discrepancy with 'man aa-logprof' because it only mentions and explains these options: (A)llow, (D)eny, (I)gnore, (N)ew, (G)lob last piece, (Q)uit ??? On Wed, Feb 2, 2022 at 11:22 AM Carlos E. R. wrote:

On 2022-02-02 11:17, Wilfred van Velzen wrote:

...

Thanks!

The 'disable spoolss = yes' did the trick for me. I already had everything else related to printing disabled, but smb still wouldn't start.

It might be related to the apparmor profile for samba, because I got a 'permission denied' error in my 'systemctl status smb' output...

To correct that, you must run "aa-logprof" as root in a terminal.

-- Cheers / Saludos,

Carlos E. R. (from 15.3 x86_64 at Telcontar)

-- Met vriendelijke groet / Best regards, Wilfred van Velzen

Hello, Am Mittwoch, 2. Februar 2022, 13:02:09 CET schrieb Wilfred van Velzen:

I don't really need it because I don't need printing through samba, but I'm curious, so I tried it:

# aa-logprof Reading log entries from /var/log/audit/audit.log. Updating AppArmor profiles in /etc/apparmor.d. Target profile exists: /etc/apparmor.d/samba-bgqd

Profile: smbd Execute: /usr/lib64/samba/samba-bgqd Severity: unknown

That looks like you don't have the latest AppArmor packages installed. Please make sure to have AppArmor 2.13.6 - the update was released only 21 hours ago. See https://bugzilla.opensuse.org/show_bug.cgi?id=1195412 for some more details.

(I)nherit / (C)hild / (P)rofile / (N)amed / (U)nconfined / (X) ix On / (D)eny / Abo(r)t / (F)inish

That's the prompt you get when AppArmor hits an "exec" event (a program executed another program, without having a rule for it yet). The options listed let you choose if the program gets executed under the same AppArmor profile (inherit), or with a separate profile. <shameless plug> If you want to learn what these options mean, have a look at my "AppArmor Crash Course". You can find the slides on blog.cboltz.de, and a recording on media.ccc.de: https://media.ccc.de/v/786-apparmor-crash-course (Note: The recording is from 2016, but it only misses a few feature additions. There's also a newer german recording on media.ccc.de) The security guide on doc.opensuse.org should also get you started.

I have no clue what to choose here. And there seems to be a big discrepancy with 'man aa-logprof' because it only mentions and explains these options:

(A)llow, (D)eny, (I)gnore, (N)ew, (G)lob last piece, (Q)uit

That's the prompt you get when a program tries to access (read, write, lock etc.) a file. Regards, Christian Boltz -- * pfak cries in a corner <pfak> You think I'm joking. But my desk at work is in a corner. <sarnold> that's just smart planning <sarnold> put the guy who knows how everything works in the corner, so when he wants to cry in a corner, *bam*, synergies and efficiencies! [from #apparmor]