[Samba] AppArmor Rules for Samba AD DC on Ubuntu 14.04 LTS
Rowland Penny
rowlandpenny241155 at gmail.com
Thu Sep 3 14:15:43 UTC 2015
On 03/09/15 14:12, Jim Seymour wrote:
> Hi All,
>
> Through interpreting what the current Wiki article says, plus some
> trial and error: The following AppArmor rules *appear* to work for a
> Samba AD DC using the stuff from the distro for Ubuntu 14.04 LTS:
>
> $ cat /etc/apparmor.d/local/usr.sbin.named
> # Site-specific additions and overrides for usr.sbin.named.
> # For more details, please see /etc/apparmor.d/local/README.
> /dev/urandom w,
> /usr/lib/i386-linux-gnu/ldb/modules/ldb/** rm,
> /usr/lib/i386-linux-gnu/samba/** rm,
> /var/lib/samba/private/dns.keytab r,
> /var/lib/samba/private/named.conf r,
> /var/lib/samba/private/dns/** rwk,
>
> But, mind you: I'm a Samba AD DC and AppArmor n00b, and I don't
> actually have Samba actually *running*, yet, so caveat emptor :)
>
> Regards,
> Jim
If you are still setting up a Samba AD DC, I would recommend turning off
AppArmor until everything else is working, then turn it back on; you
will then only have one thing to debug if there are problems.
Rowland
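
An added example, not part of either post and not Samba or AppArmor project code: once AppArmor is enforcing again, the kernel's DENIED audit lines for the named profile can be turned into candidate entries for /etc/apparmor.d/local/usr.sbin.named instead of finding them by trial and error. The function name, the sample log lines and the ntpd entry are constructed for illustration; it emits exact paths and leaves any widening to globs such as `dns/**` to the admin.

```python
import re
from collections import defaultdict

# Constructed sample audit lines (not taken from the thread or a real host).
_PFX = 'kernel: audit: type=1400 audit(1441288870.100:31): apparmor="DENIED" '
SAMPLE_LOG = "\n".join(_PFX + rest for rest in [
    'operation="open" profile="/usr/sbin/named" name="/var/lib/samba/private/named.conf" pid=1234 comm="named" requested_mask="r" denied_mask="r"',
    'operation="open" profile="/usr/sbin/named" name="/var/lib/samba/private/dns.keytab" pid=1234 comm="named" requested_mask="r" denied_mask="r"',
    'operation="open" profile="/usr/sbin/named" name="/var/lib/samba/private/dns/sam.ldb" pid=1234 comm="named" requested_mask="rw" denied_mask="rw"',
    'operation="file_lock" profile="/usr/sbin/named" name="/var/lib/samba/private/dns/sam.ldb" pid=1234 comm="named" requested_mask="k" denied_mask="k"',
    'operation="mknod" profile="/usr/sbin/named" name="/var/lib/samba/private/dns/sam.ldb.d/metadata.tdb" pid=1234 comm="named" requested_mask="wc" denied_mask="wc"',
    'operation="open" profile="/usr/sbin/ntpd" name="/etc/ntp.conf" pid=900 comm="ntpd" requested_mask="r" denied_mask="r"',
])

# key="quoted value" or key=bare_value pairs in an audit line
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Log masks -> profile permissions; create (c) and delete (d) are covered by w.
# Execute (x) is left out on purpose: it needs a transition mode chosen by hand.
TO_RULE = {"r": "r", "w": "w", "a": "a", "k": "k", "l": "l", "m": "m",
           "c": "w", "d": "w"}
ORDER = "rwaklm"  # output order, giving "rm" and "rwk" as in the posted rules


def denied_rules(log_text, profile="/usr/sbin/named"):
    """Return sorted 'path perms,' lines for everything denied to `profile`."""
    perms = defaultdict(set)
    for line in log_text.splitlines():
        f = {k: q or b for k, q, b in FIELD.findall(line)}
        if f.get("apparmor") != "DENIED" or f.get("profile") != profile:
            continue  # other profiles and non-AppArmor lines are ignored
        for ch in f.get("denied_mask", ""):
            if ch in TO_RULE and f.get("name"):
                perms[f["name"]].add(TO_RULE[ch])
    rules = []
    for path, p in sorted(perms.items()):
        if "w" in p:
            p.discard("a")  # w already covers append; the parser rejects both
        rules.append(f"{path} {''.join(sorted(p, key=ORDER.index))},")
    return rules


if __name__ == "__main__":
    print("\n".join(denied_rules(SAMPLE_LOG)))
```

Review each emitted line before adding it to the local profile; a denial is a record of what the process attempted, not proof that the access should be granted.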