Since these samba profiles are experimental, not enabled by default, and
even when enabled by the user, are loaded in "complain" mode, I don't
think it's worth fixing for stable releases of Ubuntu.
Furthermore, they come from the src:apparmor package, not samba, and
that's a risky update for such
the net_admin bits only show up in apparmor's logs when nmbd is started
via systemd. I suspect due to linking with systemd because of the notify
mechanism. That's unfortunate. Funny though, it still happens in ubuntu
jammy, even with the systemd patch applied.
--
You received this bug notificatio
Hey, I'm back. Again.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1719354
Title:
apparmor blocking smbd which is in complain mode
To manage notifications about this bug go to:
https://bugs.launch
I dropped the ball on this one, but would like another chance to work on
it in the coming weeks.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1719354
Title:
apparmor blocking smbd which is in compl
As part of our effort to fix languishing bugs, I'm revisiting this one
and will drive it to conclusion.
** Changed in: samba (Ubuntu Xenial)
Assignee: (unassigned) => Andreas Hasenack (ahasenack)
** Changed in: samba (Ubuntu Bionic)
Assignee: (unassigned) => Andreas Hasenack (ahasenack)
The net_admin denial is probably caused by a bug in systemd, see
https://bugzilla.opensuse.org/show_bug.cgi?id=991901 and
https://github.com/systemd/systemd/pull/10085
I'd recommend not to allow that capability in the nmbd profile, and instead
apply the patch to systemd.
Write permissions to /r
** Also affects: samba (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: samba (Ubuntu Bionic)
Importance: Undecided
Status: New
** Changed in: samba (Ubuntu)
Status: Confirmed => Fix Released
** Changed in: samba (Ubuntu Xenial)
Status: New =>
Confirmed that cosmic is fine now, but there are still issues in xenial as
reported, and these two in bionic:
[ 132.722115] audit: type=1400 audit(1530560652.717:57): apparmor="DENIED"
operation="capable" profile="/usr/sbin/nmbd" pid=717 comm="nmbd" capability=12
capname="net_admin"
[ 132.723
** Tags added: server-next
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1719354
Title:
apparmor blocking smbd which is in complain mode
To manage notifications about this bug go to:
https://bugs.l
> sudo mv /etc/apparmor.d/usr.sbin.smbd
/etc/apparmor.d/usr.sbin.smbd_OLD
Please move that *_OLD file outside of /etc/apparmor.d/ - otherwise it
will still be loaded on a "last one wins" base. Obviously you'll need to
reload the profiles once more afterwards to ensure the "right" profile
is loaded
I run this:
wget -O /tmp/usr.sbin.smbd
https://bazaar.launchpad.net/~apparmor-dev/apparmor/2.11/download/head:/usr.sbin.smbd-2009194200-xv2hcz910jtzeta9-12/usr.sbin.smbd
sudo mv /etc/apparmor.d/usr.sbin.smbd /etc/apparmor.d/usr.sbin.smbd_OLD
sudo mv /tmp/usr.sbin.smbd /etc/apparmor.d/usr.sbin
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: samba (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1719354
Title:
appa
aa-notify doesn't have an option to silence specific events - hey, it's
job is to annoy^Wnotify you, so what do you expect? ;-)
To silence the notifications, you'll have to update the profile.
The easiest solution is probably to download the latest smbd profile from
http://bazaar.launchpad.net/~a
Mr.Christian,
Thanks, I will backport.
I have another problem too because of the same. I have installed
apparmor-notify. Please just tell me how to disable notification for
samba in complaining mode.
The below instance is loop for every 30 seconds.
The below is the algo which is causing disaste
This is fixed in AppArmor bzr since
revno: 3437.1.4
timestamp: Wed 2016-04-13 09:24:46 -0400
usr.sbin.smbd: new lock dir used by recent versions (4.3.8)
so you'll "just" need to backport the smbd profile to 16.04.
--
You received this bug notification because you are a member of Ubuntu
Bugs,
** Package changed: apparmor (Ubuntu) => samba (Ubuntu)
** Description changed:
- apparmor blocking smbd which is in complain mode
+ This error is occurring because samba is working in user profile and
+ folder '/run/samba/msg.log' has owner as root. Any log created will be
+ as root. Hence, samb
16 matches
Mail list logo
