[Touch-packages] [Bug 1993572] Re: samba profile: missing rule for mkdir /var/cache/samba/printing

Wed, 19 Oct 2022 11:00:55 -0700 

This looks like is enough to address it:

--- samba-rpcd-spoolss.orig     2022-10-19 17:48:42.767775584 +0000
+++ samba-rpcd-spoolss  2022-10-19 17:47:50.527693050 +0000
@@ -18,6 +18,7 @@
 
   /usr/lib*/samba/{,samba/}rpcd_spoolss mr,
   /usr/lib*/samba/{,samba/}samba-bgqd Px -> samba-bgqd,
+  /var/cache/samba/printing/ rw,
   /var/cache/samba/printing/*.tdb rwk,
   @{run}/samba/samba-bgqd.pid rk,

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1993572

Title:
  samba profile: missing rule for mkdir /var/cache/samba/printing

Status in apparmor package in Ubuntu:
  New

Bug description:
  After the fix for #1990692, one more rule is needed it seems.

  I put all samba profiles in enforce mode, and when I ran that final
  command, got an error and an apparmor denied message:

  $ rpcclient -Uroot%root localhost -c 'getprinter testprinter 2'
  cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe spoolss failed with error 
NT_STATUS_CONNECTION_DISCONNECTED
  do_cmd: Could not initialise spoolss. Error was 
NT_STATUS_CONNECTION_DISCONNECTED

  [qua out 19 14:42:36 2022] audit: type=1400 audit(1666201357.627:342):
  apparmor="DENIED" operation="mkdir" class="file" namespace="root//lxd-
  k-samba-apparmor_<var-snap-lxd-common-lxd>" profile="samba-rpcd-
  spoolss" name="/var/cache/samba/printing/" pid=129107
  comm="rpcd_spoolss" requested_mask="c" denied_mask="c" fsuid=1000000
  ouid=1000000

  
  And indeed, that directory wasn't created:
  $ l /var/cache/samba/printing
  ls: cannot access '/var/cache/samba/printing': No such file or directory
  $ l /var/cache/samba/
  total 16K
  drwxr-xr-x 1 root root   48 Oct 19 17:42 .
  drwxr-xr-x 1 root root  170 Oct 19 17:41 ..
  -rw-r--r-- 1 root root  166 Oct 19 17:42 browse.dat
  -rw-r--r-- 1 root root 8.7K Oct 19 17:42 smbprofile.tdb

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1993572/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to