When AppArmor and profiles are enabled, smbd cannot start (at least on systemd). If smbd is launched manually with debug level 3:

# /usr/sbin/smbd -i -d 3
tdb(/var/lock/samba/names.tdb): tdb_open_ex: failed to get open lock on /var/lock/samba/names.tdb: Permission denied

Reproducible: Always

Steps to Reproduce:
1. Install/enable apparmor in kernel
2. Install sec-policy/apparmor-profiles to enable default profiles
3. Enable and run smbd with its default configuration

Actual Results:
SMBD exits immediately.

Expected Results:
SMBD runs fine.

The following patch allows it to work:

index f46e80e..accefb8 100644 --- a/usr.sbin.smbd +++ b/usr.sbin.smbd @@ -45,12 +45,12 @@ profile smbd /usr/{bin,sbin}/smbd { /var/lib/sss/pubconf/kdcinfo.* r, /{,var/}run/dbus/system_bus_socket rw, /{,var/}run/smbd.pid rwk, - /{,var/}run/samba/** rk, - /{,var/}run/samba/ncalrpc/ rw, - /{,var/}run/samba/ncalrpc/** rw, - /{,var/}run/samba/smbd.pid rw, - /{,var/}run/samba/msg.lock/ rw, - /{,var/}run/samba/msg.lock/[0-9]* rwk, + /{,var/}run/{,lock/}samba/** rk, + /{,var/}run/{,lock/}samba/ncalrpc/ rw, + /{,var/}run/{,lock/}samba/ncalrpc/** rw, + /{,var/}run/{,lock/}samba/smbd.pid rw, + /{,var/}run/{,lock/}samba/msg.lock/ rw, + /{,var/}run/{,lock/}samba/msg.lock/[0-9]* rwk, /var/spool/samba/** rw, @{HOMEDIRS}/** lrwk,
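
Review bot: the alternation /{,var/}run/{,lock/}samba/ on the six added lines expands to /run/samba, /var/run/samba, /run/lock/samba and /var/run/lock/samba, none of which is the /var/lock/samba/names.tdb path shown in the reported error, so the change only helps on systems where /var/lock resolves to /run/lock. Consider stating that assumption in a profile comment, or adding an explicit "/var/lock/samba/** rk," rule. The lock/ alternative is also applied to the ncalrpc/, smbd.pid and msg.lock/ rules, although the report only shows a denial on names.tdb; limiting it to the rule that needs it would keep the profile tighter.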
I made a temporary workaround with the following:

dev-11 /etc/apparmor.d/local # cat usr.sbin.smbd
# Site-specific additions and overrides for 'usr.sbin.smbd'
/var/lock/samba/** rwk,
/var/run/samba/** rwk,

dev-11 /etc/apparmor.d/local # cat usr.sbin.nmbd
# Site-specific additions and overrides for 'usr.sbin.nmbd'
/var/lock/samba/** rwk,
/var/run/samba/** rwk,
*** Bug 684134 has been marked as a duplicate of this bug. ***