[Bug 1719354] Re: apparmor blocking smbd which is in complain mode

Aravind R 1719354 at bugs.launchpad.net
Wed Sep 27 13:44:33 UTC 2017 

Mr.Christian,

Thanks, I will backport.

I have another problem too because of the same. I have installed
apparmor-notify. Please just tell me how to disable notification for
samba in complaining mode.

The below instance is loop for every 30 seconds.

The below is the algo which is causing disaster of samba + apparmor.

START LOOP:

1) msg.lock is used in recent version 4.3.8

2) smbd is running as root

3) samba is running as local profile user

4) any file created by smbd in msg.lock is root:root

5) when every samba try to access the file, it is an error of denial to
write.

6)  Apparmor logs in kernal.log the above bla bla bla log.

7) AppArmor-notify alert the same.

RE-RUN LOOP EVERY 30 SECONDS


I am using ubuntu desktop. I hope you can understand my problem. I can't found option to do the same in aa-notify.

Thanks in advance.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1719354

Title:
  apparmor blocking smbd which is in complain mode

Status in samba package in Ubuntu:
  New

Bug description:
  This error is occurring because samba is working in user profile and
  folder '/run/samba/msg.log' has owner as root. Any log created will be
  as root. Hence, samba not able to log anything.

  
  aravind at comp:~$ tail -f /var/log/syslog | grep -i apparmor
  Sep 25 21:25:36 comp kernel: [ 4535.034713] audit: type=1400 audit(1506354936.898:275): apparmor="ALLOWED" operation="open" profile="/usr/sbin/smbd" name="/run/samba/msg.lock/4470" pid=5690 comm="smbd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
  Sep 25 21:25:36 comp kernel: [ 4535.034719] audit: type=1400 audit(1506354936.898:276): apparmor="ALLOWED" operation="file_lock" profile="/usr/sbin/smbd" name="/run/samba/msg.lock/4470" pid=5690 comm="smbd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
  Sep 25 21:27:39 comp kernel: [ 4657.984668] audit: type=1400 audit(1506355059.847:290): apparmor="ALLOWED" operation="mknod" profile="/usr/sbin/smbd" name="/run/samba/msg.lock/6056" pid=6056 comm="smbd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
  Sep 25 21:27:39 comp kernel: [ 4657.984675] audit: type=1400 audit(1506355059.847:291): apparmor="ALLOWED" operation="open" profile="/usr/sbin/smbd" name="/run/samba/msg.lock/6056" pid=6056 comm="smbd" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=0
  Sep 25 21:27:39 comp kernel: [ 4657.984679] audit: type=1400 audit(1506355059.847:292): apparmor="ALLOWED" operation="file_lock" profile="/usr/sbin/smbd" name="/run/samba/msg.lock/6056" pid=6056 comm="smbd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
  Sep 25 21:27:39 comp kernel: [ 4657.984684] audit: type=1400 audit(1506355059.847:293): apparmor="ALLOWED" operation="truncate" profile="/usr/sbin/smbd" name="/run/samba/msg.lock/6056" pid=6056 comm="smbd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
  Sep 25 21:27:39 comp kernel: [ 4657.991838] audit: type=1400 audit(1506355059.855:294): apparmor="ALLOWED" operation="unlink" profile="/usr/sbin/smbd" name="/run/samba/msg.lock/6056" pid=6056 comm="smbd" requested_mask="d" denied_mask="d" fsuid=0 ouid=0
  ^C

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: apparmor 2.10.95-0ubuntu2.7
  ProcVersionSignature: Ubuntu 4.10.0-35.39~16.04.1-generic 4.10.17
  Uname: Linux 4.10.0-35-generic x86_64
  NonfreeKernelModules: nvidia_uvm nvidia_drm nvidia_modeset nvidia
  ApportVersion: 2.20.1-0ubuntu2.10
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Mon Sep 25 21:27:07 2017
  ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-4.10.0-35-generic root=UUID=3bdb5792-d2a2-4f98-97bd-f274c3d0dde1 ro quiet splash crashkernel=384M-:128M vt.handoff=7
  SourcePackage: apparmor
  Syslog:
   Sep 25 10:34:40 comp dbus[1174]: [system] AppArmor D-Bus mediation is enabled
   Sep 25 18:34:05 comp dbus[1083]: [system] AppArmor D-Bus mediation is enabled
   Sep 25 20:10:24 comp dbus[1066]: [system] AppArmor D-Bus mediation is enabled
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1719354/+subscriptions

More information about the foundations-bugs mailing list