|
Bugzilla – Full Text Bug Listing |
| Summary: | Apparmour not allowing global unblock for SAMBA shares | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE 11.4 | Reporter: | Christopher Lees <leezer3> |
| Component: | AppArmor | Assignee: | Jeff Mahoney <jeffm> |
| Status: | RESOLVED DUPLICATE | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Normal | ||
| Priority: | P5 - None | CC: | suse-beta |
| Version: | Final | ||
| Target Milestone: | --- | ||
| Hardware: | x86 | ||
| OS: | Windows 7 | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: | SAMBA config file | ||
You didn't write which tool you used to update the profile, but the working solution is:
- as root, run "aa-logprof"
- you can press "g" (glob) one or more times to make the path more general
- (alternative way: press "n" (new) and enter the path manually
- when you have the path you want, allow access to it (IIRC "_a_llow")
You'll need to grant permissions for
/mnt/media1/
/mnt/media1/**
(and similar for your other shares)
That said: a better solution would be to auto-generate the profile based on the smb.conf - that's something that I proposed in bug 688040 (as usual: patches welcome ;-)
*** This bug has been marked as a duplicate of bug 688040 ***
|
Created attachment 447534 [details] SAMBA config file User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0 I upgraded a currently patched OpenSUSE 11.3 install to 11.4 This caused Apparmour to automatically block all three of my SAMBA shares. (/mnt/media1 , /mnt/media2 , /mnt/media3 & /mnt/downloads) These are setup in my samba.conf as global guest read/ write, with the guest user being 'christopher' (Only user on the system other than the inbuilt ones) Next I switched Apparmour to 'Complain' mode and attempted to unblock the shares using the global option on the prompt. This isn't working, and I can only unblock a single file/ directory at a time, as opposed to the global roots for each share. Reproducible: Always Steps to Reproduce: Change Apparmour to complain mode and use the global unblock option presented. Actual Results: Unblocks a single file/ directory only. Expected Results: Only unblocks single files/ directories.