[apparmor] [MERGE] profiles: permit clustered Samba access to CTDB socket and databases
Seth Arnold
seth.arnold at canonical.com
Mon Jul 7 18:16:32 UTC 2014
On Fri, Jul 04, 2014 at 12:24:12PM +0200, David Disseldorp wrote:
> The attached profile update is required for Samba to operate as part of
> a cluster alongside CTDB.
Thanks David, I've got a few questions, as this is the first I've heard of
CTDB.
Does samba entirely "own" CTDB? Or are there other potential users for it
on a cluster? Maybe these privileges are fine and reasonable if Samba owns
the service entirely but they might be far too broad if CTDB is providing
service for other tools.
Is there any need of /etc/ctdb/ and related files?
> === modified file 'profiles/apparmor.d/abstractions/samba'
> --- profiles/apparmor.d/abstractions/samba 2013-12-23 21:15:47 +0000
> +++ profiles/apparmor.d/abstractions/samba 2014-07-04 10:09:58 +0000
> @@ -20,3 +20,5 @@
> /{,var/}run/samba/ w,
> /{,var/}run/samba/*.tdb rw,
>
> + # required for clustering
> + /var/lib/ctdb/** rwk,
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140707/ead0fc01/attachment.pgp>
More information about the AppArmor
mailing list