On Thu, Apr 14, 2016 at 07:25:51AM +0200, Michal Kubecek wrote:
> On Thu, Apr 14, 2016 at 12:31:48AM +0200, Christian Boltz wrote:
> > Am Mittwoch, 13. April 2016, 22:04:37 CEST schrieb Michal Kubecek:
> > > 
> > > I did some (very) basic testing and found only one issue: to start
> > > nmbd from 4.2.4 package on a 13.1 system with AppArmor, these need to
> > > be added to its profile:
> > > 
> > >   /var/{cache,lib}/samba/lck/ w,
> > >   /var/{cache,lib}/samba/lck/* wk,
> > >   /var/{cache,lib}/samba/msg/ w,
> > >   /var/{cache,lib}/samba/msg/* w,
> > 
> > Are those files and directories in /var/cache/samba/ or /var/lib/samba/ ?
> > I'm asking because /var/lib/samba/** is covered by newer upstream 
> > profiles (via abstractions/samba), while /var/cache/samba/ isn't.
> 
> Only /var/lib/samba paths were needed, I just adjusted the rules to mach
> the others.
> 
> I will check if the same problem exists in SLE12 GA and openSUSE 13.2
> which also upgraded from 4.1.x to 4.2.4 (and to exactly the same
> package). I it does, I'll file a bug.

SLE12 GA has apparmor-profiles 2.8.2 but it already has

  /var/lib/samba/** rwk,

in abstractions/samba so it's OK. On the other hand, 13.2 has newer
apparmor-profiles 2.9.1 but still without the general rule and as I
checked now, it suffers from the same problem as 13.1. The update hasn't
been released yet so I added a comment to the openSUSE:Maintenance:4961
release request #389541 (https://build.opensuse.org/request/show/389541).

                                                          Michal Kubecek

_______________________________________________
Evergreen mailing list
Evergreen@lists.rosenauer.org
http://lists.rosenauer.org/mailman/listinfo/evergreen

Reply via email to