[apparmor] [MERGE] profiles: permit clustered Samba access to CTDB socket and databases
David Disseldorp
ddiss at suse.de
Tue Jul 8 14:57:22 UTC 2014
Thanks for the feedback Seth...
On Mon, 7 Jul 2014 11:16:32 -0700, Seth Arnold wrote:
> On Fri, Jul 04, 2014 at 12:24:12PM +0200, David Disseldorp wrote:
> > The attached profile update is required for Samba to operate as part of
> > a cluster alongside CTDB.
>
> Thanks David, I've got a few questions, as this is the first I've heard of
> CTDB.
>
> Does samba entirely "own" CTDB? Or are there other potential users for it
> on a cluster? Maybe these privileges are fine and reasonable if Samba owns
> the service entirely but they might be far too broad if CTDB is providing
> service for other tools.
As far as I'm aware, Samba is the only project that directly accesses
the database files under /var/lib/ctdb/. That said, ctdb-devel provides
a means for other application to do the same.
> Is there any need of /etc/ctdb/ and related files?
No, AFAICT they're only used by ctdb. smbd, nmbd and winbindd don't
require access.
Cheers, David
More information about the AppArmor
mailing list