[apparmor] [PATCH] add locking to smbd profile

Jamie Strandboge jamie at canonical.com
Tue Sep 14 20:23:07 BST 2010


On Tue, 2010-09-14 at 12:04 -0700, Steve Beattie wrote:
> On Tue, Sep 14, 2010 at 08:26:33AM -0500, Jamie Strandboge wrote:
> > This came up in an IRC discussion. Basically exported files need to have
> > 'k' to work properly with certain applications. Attached is a patch to
> > achieve this.
> 
> While I can certainly imagine that locking would be needed for some
> apps, some context as to how this came up would be nice. Do you have a
> pointer to the IRC discussion?

This happened in #ubuntu-server at 13:09 UTC on today's date. The person
is seeing thousands of messages like the following:
Sep 13 09:11:23 repono kernel: [2313239.596403] type=1503
audit(1284387083.148:24685):  operation="file_lock" pid=22942
parent=22933 profile="/usr/sbin/smbd" requested_mask="k::"
denied_mask="k::" fsuid=1008 ouid=1008 name=2F6...

Decoding the name showed this was a Word .doc file, so either OO.o or MS
Office was doing the locking. I didn't probe any further.

> > I'm not sure how much we want to keep pushing into 2.5.1, but this does
> > seem like a nice candidate. Waiting for 2.5.2 is fine too.
> 
> As I'd planned at least one more spin for 2.5.1 and this seems safe,
> I have no problem with this for 2.5.1. ACK.

Committed to trunk and 2.5.

-- 
Jamie Strandboge             | http://www.canonical.com
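
Added example, not part of the original message or of AppArmor itself: a Python parser for denial records like the one quoted above. It decodes the hex-encoded name= value and tallies denials per profile, operation, mask and path, so a flood of messages reduces to the few accesses the profile lacks. The sample lines, host name and paths are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def decode_name(value, quoted):
    """Quoted names are literal; unquoted names are hex-encoded bytes."""
    if quoted:
        return value
    try:
        return bytes.fromhex(value).decode("utf-8", errors="replace")
    except ValueError:
        return value  # truncated or not hex (e.g. "2F6..."): keep as logged

def parse_denial(line):
    """Return the fields of one AppArmor denial record, or None."""
    fields = {}
    for m in FIELD.finditer(line):
        key, quoted = m.group(1), m.group(2) is not None
        value = m.group(2) if quoted else m.group(3)
        fields[key] = decode_name(value, quoted) if key == "name" else value
    if "denied_mask" not in fields or "profile" not in fields:
        return None
    return fields

def summarize(lines):
    """Count denials per (profile, operation, denied_mask, name)."""
    counts = Counter()
    for line in lines:
        rec = parse_denial(line)
        if rec:
            counts[(rec["profile"], rec.get("operation", "?"),
                    rec["denied_mask"], rec.get("name", "?"))] += 1
    return counts

# Constructed sample input modeled on the record quoted in the message.
_HEX = "/srv/share/Q3 report.doc".encode().hex().upper()
_FMT = ('Sep 13 09:11:2{n} host kernel: [1.{n}] type=1503 audit(1284387083.14{n}:{n}):  '
        'operation="file_lock" pid=100 parent=99 profile="/usr/sbin/smbd" '
        'requested_mask="k::" denied_mask="k::" fsuid=1008 ouid=1008 name={name}')
SAMPLE = [
    _FMT.format(n=1, name=_HEX),
    _FMT.format(n=2, name=_HEX),
    _FMT.format(n=3, name='"/srv/share/notes.txt"'),
    "Sep 13 09:11:24 host sshd[200]: unrelated line",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```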