Since these samba profiles are experimental, not enabled by default, and even when enabled by the user, are loaded in "complain" mode, I don't think it's worth fixing for stable releases of Ubuntu.
Furthermore, they come from the src:apparmor package, not samba, and that's a risky update for such a small reason. The risk to benefit ratio is not in favor for this update. For Jammy (current Ubuntu development release), I filed https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1952242 and I will commit there most of the needed changes, leaving just the net_admin one out. Xenial is EOL, so nothing to be done there. If you want to address this in Bionic yourself, I suggest this patch for /etc/apparmor.d/usr.sbin.smbd: --- a/usr.sbin.smbd +++ b/usr.sbin.smbd @@ -49,6 +50,9 @@ /{,var/}run/samba/smbd.pid rw, /{,var/}run/samba/msg.lock/ rw, /{,var/}run/samba/msg.lock/[0-9]* rwk, + # when started by systemd + /{,var/}run/systemd/notify w, + /var/spool/samba/** rw, @{HOMEDIRS}/** lrwk, ** Changed in: samba (Ubuntu Xenial) Status: Triaged => Won't Fix ** Changed in: samba (Ubuntu Bionic) Status: Triaged => Won't Fix -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1719354 Title: apparmor blocking smbd which is in complain mode Status in samba package in Ubuntu: Fix Released Status in samba source package in Xenial: Won't Fix Status in samba source package in Bionic: Won't Fix Bug description: This error is occurring because samba is working in user profile and folder '/run/samba/msg.log' has owner as root. Any log created will be as root. Hence, samba not able to log anything. aravind@comp:~$ tail -f /var/log/syslog | grep -i apparmor Sep 25 21:25:36 comp kernel: [ 4535.034713] audit: type=1400 audit(1506354936.898:275): apparmor="ALLOWED" operation="open" profile="/usr/sbin/smbd" name="/run/samba/msg.lock/4470" pid=5690 comm="smbd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 Sep 25 21:25:36 comp kernel: [ 4535.034719] audit: type=1400 audit(1506354936.898:276): apparmor="ALLOWED" operation="file_lock" profile="/usr/sbin/smbd" name="/run/samba/msg.lock/4470" pid=5690 comm="smbd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 Sep 25 21:27:39 comp kernel: [ 4657.984668] audit: type=1400 audit(1506355059.847:290): apparmor="ALLOWED" operation="mknod" profile="/usr/sbin/smbd" name="/run/samba/msg.lock/6056" pid=6056 comm="smbd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 Sep 25 21:27:39 comp kernel: [ 4657.984675] audit: type=1400 audit(1506355059.847:291): apparmor="ALLOWED" operation="open" profile="/usr/sbin/smbd" name="/run/samba/msg.lock/6056" pid=6056 comm="smbd" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=0 Sep 25 21:27:39 comp kernel: [ 4657.984679] audit: type=1400 audit(1506355059.847:292): apparmor="ALLOWED" operation="file_lock" profile="/usr/sbin/smbd" name="/run/samba/msg.lock/6056" pid=6056 comm="smbd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 Sep 25 21:27:39 comp kernel: [ 4657.984684] audit: type=1400 audit(1506355059.847:293): apparmor="ALLOWED" operation="truncate" profile="/usr/sbin/smbd" name="/run/samba/msg.lock/6056" pid=6056 comm="smbd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 Sep 25 21:27:39 comp kernel: [ 4657.991838] audit: type=1400 audit(1506355059.855:294): apparmor="ALLOWED" operation="unlink" profile="/usr/sbin/smbd" name="/run/samba/msg.lock/6056" pid=6056 comm="smbd" requested_mask="d" denied_mask="d" fsuid=0 ouid=0 ^C ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: apparmor 2.10.95-0ubuntu2.7 ProcVersionSignature: Ubuntu 4.10.0-35.39~16.04.1-generic 4.10.17 Uname: Linux 4.10.0-35-generic x86_64 NonfreeKernelModules: nvidia_uvm nvidia_drm nvidia_modeset nvidia ApportVersion: 2.20.1-0ubuntu2.10 Architecture: amd64 CurrentDesktop: Unity Date: Mon Sep 25 21:27:07 2017 ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-4.10.0-35-generic root=UUID=3bdb5792-d2a2-4f98-97bd-f274c3d0dde1 ro quiet splash crashkernel=384M-:128M vt.handoff=7 SourcePackage: apparmor Syslog: Sep 25 10:34:40 comp dbus[1174]: [system] AppArmor D-Bus mediation is enabled Sep 25 18:34:05 comp dbus[1083]: [system] AppArmor D-Bus mediation is enabled Sep 25 20:10:24 comp dbus[1066]: [system] AppArmor D-Bus mediation is enabled UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1719354/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : [email protected] Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
