I can’t start Samba on Linux – it’s blocked by Apparmor

I can’t start Samba on Linux – it’s blocked by Apparmor

You can’t start Samba on Linux, and you have Samba installed on your system. It’s because of Apparmor!

First, let’s look at our Samba installation.

linux-7tpy:/home/poganin # smbstatus

Samba version 4.1.3-3.12.1-3127-SUSE-oS13.1-i386

PID Username Group Machine

——————————————————————-

Service pid machine Connected at

——————————————————-

No locked files

You can’t even start nmb and smb daemons manually. They failed to be active, and you see errors. They are blocked by Apparmor.

Let’s configure Apparmor to allow Samba daemons to run (it’s in Polish, sorry, but you will get this information in your language). We are going to use the logprof command. It’s an utility program for managing AppArmor security profiles. Remember, write on Console “A” for Allow to allow those daemons start. And then, at the end, write “S” for Save to save the Apparmor profile.

linux-7tpy:/home/poganin # logprof

Odczytywanie wpisów dziennika z /var/log/messages.

Aktualizacja profilów w /etc/apparmor.d.

Zmiany w trybie wymuszania:

Profil: /usr/sbin/nmbd

Ścieżka: /var/run/samba/

Tryb: w

Poziom: nieznany

[1 – /var/run/samba/]

(A)llow / [(D)eny] / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts

Dodawanie /var/run/samba/ w do profilu.

Profil: /usr/sbin/smbd

Ścieżka: /var/run/samba/

Tryb: w

Poziom: nieznany

[1 – /var/run/samba/]

(A)llow / [(D)eny] / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts

Dodawanie /var/run/samba/ w do profilu.

= Changed Local Profiles =

Następujące profile lokalne zostały zmienione. Czy zapisać je?

[1 – /usr/sbin/nmbd]

2 – /usr/sbin/smbd

(S)ave Changes / [(V)iew Changes] / Abo(r)t

Zapisywanie zaktualizowanego profilu dla /usr/sbin/nmbd.

Zapisywanie zaktualizowanego profilu dla /usr/sbin/smbd.

linux-7tpy:/home/poganin #

AppArmor security profiles have been updated. Now, Apparmor will let the Samba daemons run. Just restart the system and try it out.

I hope it’s clear!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s