Mailinglist Archive: opensuse-factory (1029 mails)

< Previous Next >
Re: [opensuse-factory] samba woes with apparmor

Am Freitag, 1. November 2013 schrieb lynn:
On Fri, 2013-11-01 at 11:59 +0100, Carlos E. R. wrote:
On 2013-11-01 10:32, lynn wrote:

2013-11-01T09:45:47.551447+01:00 altea kernel: [ 36.449978]
type=1400 audit(1383295547.544:34): apparmor="DENIED"
operation="open" parent=1 profile="/usr/sbin/smbd"
You need to allow open file /var/lib/sss/pubconf/kdcinfo.HH3.SITE in
profile /usr/sbin/smbd

Is "HH3.SITE" your hostname? If yes, you should allow kdcinfo.* instead.

2013-11-01T09:46:04.195179+01:00 altea kernel: [ 53.093252]
type=1400 audit(1383295564.188:42): apparmor="DENIED"
operation="file_lock" parent=673 profile="/usr/sbin/smbd"
name="/etc/krb5.keytab" pid=908 comm="smbd" requested_mask="k"
denied_mask="k" fsuid=0 ouid=0>
You need to allow lock of /etc/krb5.keytab


Yeah. OK, thanks. I've added the files. openSUSE always seems to
overlook anything that's kerberized. Even Samba!

Last time I used samba was maybe 4 years ago [1], and I only have a very
basic samba config. This also means I don't know every possible config
option and what it could require.

Can you please open a bugreport with your profile additions?


Christian Boltz

[1] just starting it to test the basics of the AppArmor profile (which I
did some weeks ago) doesn't count as usage ;-)
Böse Zungen behaupten, ein unterschriebenes Zertifikat bescheinigt
dem Client, daß ein unbekannter Serverbetreiber einem unbekannten
CA-Betreiber Geld bezahlt hat. Das ist natürlich für eine Kommunikation
eine eher nutzlose Garantie.

To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups