On Wed, Aug 17, 2011 at 08:21:31AM -0700, Roger Luedecke wrote:
On Wednesday, August 17, 2011 04:34:46 AM Marcus Meissner wrote: [ 8< ]
i admit that the last time i actually looked into what apparmor was doing has been a long time ago. i guess i'll give it another try, if only to help debugging something that does have it's uses, though i still consider it unnecessary for myself.
It usually is not enabled for most things.
We enabled it for nmbd and smbd in 11.4, which due to very flexible nature of smb paths that can be served made it reject valid user scenarios. It is kind of hard to confine a service which offers read/write access to configurable paths.
Hmm, sounds like a problematic addition. Maybe the restrictions should be lifted then.
Sounds more like the YaST Samba module needs an enhancement if a new share gets added. In this case we have to add a fitting AppArmor configuration for this new path too if AppArmor is in use. Lars -- Lars Müller [ˈlaː(r)z ˈmʏlɐ] Samba Team SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany