Bugzilla – Bug 714089
Apparmour not allowing global unblock for SAMBA shares
Last modified: 2011-08-26 12:40:15 UTC
Created attachment 447534 [details] SAMBA config file User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0 I upgraded a currently patched OpenSUSE 11.3 install to 11.4 This caused Apparmour to automatically block all three of my SAMBA shares. (/mnt/media1 , /mnt/media2 , /mnt/media3 & /mnt/downloads) These are setup in my samba.conf as global guest read/ write, with the guest user being 'christopher' (Only user on the system other than the inbuilt ones) Next I switched Apparmour to 'Complain' mode and attempted to unblock the shares using the global option on the prompt. This isn't working, and I can only unblock a single file/ directory at a time, as opposed to the global roots for each share. Reproducible: Always Steps to Reproduce: Change Apparmour to complain mode and use the global unblock option presented. Actual Results: Unblocks a single file/ directory only. Expected Results: Only unblocks single files/ directories.
You didn't write which tool you used to update the profile, but the working solution is: - as root, run "aa-logprof" - you can press "g" (glob) one or more times to make the path more general - (alternative way: press "n" (new) and enter the path manually - when you have the path you want, allow access to it (IIRC "_a_llow") You'll need to grant permissions for /mnt/media1/ /mnt/media1/** (and similar for your other shares) That said: a better solution would be to auto-generate the profile based on the smb.conf - that's something that I proposed in bug 688040 (as usual: patches welcome ;-) *** This bug has been marked as a duplicate of bug 688040 ***