AppArmor: smbd has an enforced profile but run as unconfined

Discussion in 'all things UNIX' started by Lucy, May 13, 2010.

Thread Status:
Not open for further replies.
  1. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    401
    Location:
    France
    Hi Linux users,


    I am on Ubuntu Lucid Lynx.

    smbd runs as unconfined even though it has an AppArmor enforced profile.

    Maybe it is called by another program at startup... Anyway, how can I sort it out?

    Is this a bug? If yes, where can I request a correction?

    Regards,
     

    Attached Files:

    • bug.png
      bug.png
      File size:
      56.9 KB
      Views:
      351
  2. tlu

    tlu Guest

    See here. It's also explained here. Generally, unconfined processes can be found by executing sudo unconfined.

    So it should help to restart samba. It should be possible to automate that by adding

    sleep 10
    /etc/init.d/samba restart

    before the exit 0 line in /etc/rc.local.
     
  3. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    401
    Location:
    France
    Yes, I tried the solutions listed in your links and nothing changes.

    I'm gonna try your solution, but there is no real reason it works if the previous ones didn't.
     
  4. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    401
    Location:
    France
    I confirm that adding:
    "sleep 10
    /etc/init.d/samba restart

    before the exit 0 line in /etc/rc.local."

    doesn't help.
     
  5. tlu

    tlu Guest

  6. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    401
    Location:
    France
    Dear tlu,

    Thank you to spend some time on my issue.

    It doesn't help. I restart the service, and still it runs unconfined.

    Furthermore, when I go to System/Preferences/Personnal files share, it indicates that file sharing on network can not be activated as some packages are not installed in my system.

    Something is definitely wrong, or, for sure, there is something I didn't understand properly yet.
     
  7. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136
    Did you install Samba? When you right click to share a folder first time in Ubuntu, its then installed.
     
  8. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    401
    Location:
    France
    I did in 9.10. I didn't check before I upgrade to Lucid.
    I have a shared forlder.
     
  9. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136

    Try a total purge and then reinstall samba.
     
  10. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343

    That works for me in Lucid. smbd now starts confined after the 10 second sleep.
     
  11. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    401
    Location:
    France
    Hi there,

    I made a clean by default install with format of Lucid, used the propositions presented here, and still I have saba running unconfined although I enforced the profile present in the repository.

    Anyone an idea. It's really annoying and disturbing. Everything would be so perfect without this issue...
     
  12. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    401
    Location:
    France
    OK, I think I got it right: in etc/rc.local, insert
    sleep 10
    restart smbd

    before exit 0

    so that it looks like this:
     
  13. tlu

    tlu Guest

    I'm glad that you found the solution. It fits with the hint I gave in post #5.
     
  14. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    401
    Location:
    France
    You're right. Thak you.

    It still looks strange for me as it does look like a workaround, instead of a real proper solution..
     
Loading...
Thread Status:
Not open for further replies.