Ubuntu
apparmor package

audit-messages in the syslog

Bug #538561 reported by Michael Fritscher
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Fix Released
Low
Jamie Strandboge
Lucid
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: samba

I get loads of [44269.305343] type=1502 audit(1268514847.759:266861): operation="file_lock" pid=8500 parent=1 profile="/usr/sbin/nmbd" requested_mask="k::" denied_mask="k::" fsuid=0 ouid=0 name="/var/lib/samba/wins.tdb in my syslog...

Seems that the apparmor-profil should be updated ;)

Related branches

lp:ubuntu/lucid/apparmor
Chuck Short (zulcss)
tags: added: apparmor
Revision history for this message
Mathias Gug (mathiaz) wrote :

Samba apparmor profiles are part of the apparmor-profiles package: reassigning to the apparmor package.

Is your samba installation not working at all?

affects: samba (Ubuntu) → apparmor (Ubuntu)
Changed in apparmor (Ubuntu):
importance: Undecided → Low
status: New → Incomplete
Revision history for this message
Michael Fritscher (michael-fritscher) wrote :

it seems at least - but I don't use the wins-server

Revision history for this message
Michael Fritscher (michael-fritscher) wrote :

I wanted to write: it seems to work ;)

Revision history for this message
Thierry Carrez (ttx) wrote :

@Michael: could you provide the following info:

Package versions:
dpkg-query -W -f='${Package} ${Version} ${Source} ${Status}\n' | grep samba

The content of the /etc/samba/smb.conf file

Revision history for this message
Mark (mnd999) wrote :

I've got this:

libsmbclient 2:3.4.7~dfsg-1ubuntu1 samba install ok installed
libwbclient0 2:3.4.7~dfsg-1ubuntu1 samba install ok installed
samba 2:3.4.7~dfsg-1ubuntu1 install ok installed
samba-common 2:3.4.7~dfsg-1ubuntu1 samba install ok installed
samba-common-bin 2:3.4.7~dfsg-1ubuntu1 samba install ok installed
smbclient 2:3.4.7~dfsg-1ubuntu1 samba install ok installed
winbind 2:3.4.7~dfsg-1ubuntu1 samba install ok installed

Revision history for this message
Mark (mnd999) wrote :

Loads of these:

[ 291.616315] type=1502 audit(1269553901.821:1145): operation="file_lock" pid=1456 parent=1 profile="/usr/sbin/nmbd" requested_mask="k::" denied_mask="k::" fsuid=0 ouid=0 name="/var/lib/samba/wins.tdb"
[ 291.616334] type=1502 audit(1269553901.821:1146): operation="file_lock" pid=1456 parent=1 profile="/usr/sbin/nmbd" requested_mask="k::" denied_mask="k::" fsuid=0 ouid=0 name="/var/lib/samba/wins.tdb"
[ 291.616345] type=1502 audit(1269553901.821:1147): operation="file_lock" pid=1456 parent=1 profile="/usr/sbin/nmbd" requested_mask="k::" denied_mask="k::" fsuid=0 ouid=0 name="/var/lib/samba/wins.tdb"
[ 291.616357] type=1502 audit(1269553901.821:1148): operation="file_lock" pid=1456 parent=1 profile="/usr/sbin/nmbd" requested_mask="k::" denied_mask="k::" fsuid=0 ouid=0 name="/var/lib/samba/wins.tdb"
[ 291.616367] type=1502 audit(1269553901.821:1149): operation="file_lock" pid=1456 parent=1 profile="/usr/sbin/nmbd"
requested_mask="k::" denied_mask="k::" fsuid=0 ouid=0 name="/var/lib/samba/wins.tdb"
[ 291.616380] type=1502 audit(1269553901.821:1150): operation="file_lock" pid=1456 parent=1 profile="/usr/sbin/nmbd" requested_mask="k::" denied_mask="k::" fsuid=0 ouid=0 name="/var/lib/samba/wins.tdb"
[ 291.616392] type=1502 audit(1269553901.821:1151): operation="file_lock" pid=1456 parent=1 profile="/usr/sbin/nmbd" requested_mask="k::" denied_mask="k::" fsuid=0 ouid=0 name="/var/lib/samba/wins.tdb

smb.conf attached

Jamie Strandboge (jdstrand)
Changed in apparmor (Ubuntu):
status: Incomplete → Triaged
Jamie Strandboge (jdstrand)
Changed in apparmor (Ubuntu):
status: Triaged → Fix Committed
assignee: nobody → Jamie Strandboge (jdstrand)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.5-0ubuntu2

---------------
apparmor (2.5-0ubuntu2) lucid; urgency=low

  [ Jamie Strandboge ]
  * debian/patches/0001-lp538561.patch: add 'k' to /var/lib/samba/**.tdb in
    the samba abstraction (LP: #538561)

  [ Marc Deslauriers ]
  * debian/patches/0002-aalogprof-warnings.patch: get rid of warnings when
    aa-logprof is run.
  * debian/{rules,control}: move apache2 abstractions into the base package
    so we can put apache2 profiles into the -profiles package without
    aa-logprof bailing out. (LP: #539441)
  * debian/patches/0003-fix-memleaks.patch: include a couple of leak
    patches from upstream.
 -- Marc Deslauriers <email address hidden> Fri, 26 Mar 2010 11:39:18 -0400

Changed in apparmor (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Mark (mnd999) wrote :

Yes, looks to be fixed.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

This was fixed in 2.5-0ubuntu2 on lucid and does not regress with 2.5.1-0ubuntu0.10.04.1 in lucid-proposed.

Changed in apparmor (Ubuntu Lucid):
status: New → Fix Released
Jamie Strandboge (jdstrand)
tags: added: verification-done
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Bug attachments

Remote bug watches

Bug watches keep track of this bug in other bug trackers.