Need a verificaton on ntp settings with apparmor for samba

L.P.H. van Belle belle at
Wed May 1 09:06:22 UTC 2019

Hai guys, 
We found some things off in the ntp settings of chrony and ntp 
I dont know which parts are exact used buy samba and/or winbind in conjunction with ntp. 
we know these are correct. 
 # To sign replies to MS-SNTP clients by the smbd daemon in /var/lib/samba
/var/lib/samba/ntp_signd r,
/var/lib/samba/ntp_signd/{,*} rw,
I notice this one was in ntp its apparmor profile but not in chrony, is this one needed at all? 
# samba4 winbindd pipe
/{,var/}run/samba/winbindd r,
/{,var/}run/samba/winbindd/pipe r,

And i've added this part in case its needed but again i can't tell if thats correct. 
# samba4 winbindd_privileged pipe
/var/lib/samba/winbindd_privileged r,
/var/lib/samba/winbindd/pipe r,

Can someone verify these winbind parts. 
Then i can update the bug reports on this on Debian. 

Best regards, 


More information about the samba-technical mailing list