Hello, nmbd, winbindd (and most probably also smbd - but it has a more permissive profile that already allows this) need rw access to /var/cache/samba/lck/* on Debian 8.6.
Reported by FLD on IRC.
I propose this patch for trunk, 2.10 and 2.9.
[ abstractions-samba-lck.diff ]
--- profiles/apparmor.d/abstractions/samba 2016-10-14 00:35:27.514276563
+0200
+++ profiles/apparmor.d/abstractions/samba 2016-10-25 20:21:09.330928549
+0200
@@ -16,6 +16,7 @@
/usr/share/samba/*.dat r,
/usr/share/samba/codepages/{lowcase,upcase,valid}.dat r,
/var/cache/samba/ w,
+ /var/cache/samba/lck/* rw,
/var/lib/samba/** rwk,
/var/log/samba/cores/ rw,
/var/log/samba/cores/** rw,
Regards,
Christian Boltz
--
> I'm quite sure nobody will follow the "jump into the sea _now_" rule
> just because you offer a karma point for doing that ;-)
Too bad, +100 points for jumping into the sea _now_ was going to be my
first proposal :-)
[> Christian Boltz and Ancor Gonzalez Sosa in opensuse-project]
signature.asc
Description: This is a digitally signed message part.
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
