[Samba] split horizon and authoritative answers..?
Joachim Lindenberg
samba at lindenberg.one
Tue Jul 30 09:30:42 UTC 2019
>> What I am struggling with though is inappropriate
>> out-of-the-box apparmor configuration. I resorted to
>> aa-complain /usr/sbin/named...
>Samba version?
root at boa:/etc/apparmor.d# samba -V
Version 4.10.6-Ubuntu
root at boa:/etc/apparmor.d# named -V
BIND 9.11.3-1ubuntu1.8-Ubuntu (Extended Support Version) <id:a375815>
>And what did you change exactly.
Obviously some configuration in /etc/bind.
I added an apparmor configuration I found somewhere:
root at boa:/etc/apparmor.d# cat local/usr.sbin.named
# /var/lib/samba/private/named.conf
# Samba4 DLZ and Active Directory Zones (default source installation)
/var/lib/samba/lib/** rm,
/var/lib/samba/private/dns.keytab r,
/var/lib/samba/bind-dns/named.conf r,
/var/lib/samba/private/named.conf r,
/var/lib/samba/private/dns/** rwk,
(I added the bind-dns line).
But that is obviously incomplete.
root at boa:/etc/apparmor.d# aa-logprof
Reading log entries from /var/log/syslog.
Updating AppArmor profiles in /etc/apparmor.d.
Complain-mode changes:
Profile: /usr/sbin/named
Path: /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so
Old Mode: r
New Mode: mr
Severity: unknown
[1 - #include <abstractions/lxc/container-base>]
2 - #include <abstractions/lxc/start-container>
3 - #include <abstractions/ubuntu-browsers.d/plugins-common>
4 - /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_*.so mr,
5 - /{usr/,}lib{,32,64}/** mr,
6 - /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so mr,
>> any chance that this is going to be improved?
>If i know what,i then i can tell.
I like your attitude!
Thanks, Joachim
More information about the samba
mailing list