[Pkg-samba-maint] Bug#1069661: samba: apparmor integration broken since change to local systemd units in 2:4.19.4+dfsg-1

Alex Murray alex.murray at canonical.com
Mon Apr 22 10:18:17 BST 2024 

Package: samba
Version: 2:4.19.5+dfsg-4
Severity: normal
Tags: patch
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu noble ubuntu-patch

Dear Maintainer,

*** /tmp/tmpz7e0qwfp/bug_body

In Ubuntu, the attached patch was applied to achieve the following:

When samba was updated to ship local systemd service unit files in 2:4.19.4+dfsg-1
the ExecStartPre directive was not included. As such the integration with apparmor
via the update-apparmor-samba-profile script was lost. The previously used patch
can be dropped as the file that is patched is now not used and instead the locally
maintained systemd unit is updated to include this directive instead.

debian/changelog from Ubuntu as is follows:

  * Fix apparmor integration with smbd.service (LP: #2063079)
    - d/patches: remove unnecessary
      smbd.service-Run-update-apparmor-samba-profile-befor.patch patch
      since we don't use the packaging/systemd/smd.service.in template
    - d/samba.smbd.service: update to invoke update-apparmor-samba-profile
      help via ExecStartPre directly


Thanks for considering the patch.


-- System Information:
Debian Release: trixie/sid
  APT prefers noble
  APT policy: (500, 'noble')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.8.0-28-generic (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
-------------- next part --------------
diff -Nru samba-4.19.5+dfsg/debian/patches/series samba-4.19.5+dfsg/debian/patches/series
--- samba-4.19.5+dfsg/debian/patches/series	2024-03-05 04:34:57.000000000 +1030
+++ samba-4.19.5+dfsg/debian/patches/series	2024-04-22 16:08:04.000000000 +0930
@@ -5,7 +5,6 @@
 usershare.patch
 heimdal-rfc3454.txt
 add-so-version-to-private-libraries
-smbd.service-Run-update-apparmor-samba-profile-befor.patch
 fix-nfs-service-name-to-nfs-kernel-server.patch
 ctdb-config-enable-syslog-by-default.patch
 Force-LDB-as-standalone.patch
diff -Nru samba-4.19.5+dfsg/debian/patches/smbd.service-Run-update-apparmor-samba-profile-befor.patch samba-4.19.5+dfsg/debian/patches/smbd.service-Run-update-apparmor-samba-profile-befor.patch
--- samba-4.19.5+dfsg/debian/patches/smbd.service-Run-update-apparmor-samba-profile-befor.patch	2023-09-12 02:58:56.000000000 +0930
+++ samba-4.19.5+dfsg/debian/patches/smbd.service-Run-update-apparmor-samba-profile-befor.patch	1970-01-01 09:30:00.000000000 +0930
@@ -1,25 +0,0 @@
-From 0ecd28ff3fd7f3d5c20705a2b8233fc8648cbf9c Mon Sep 17 00:00:00 2001
-From: Mathieu Parent <math.parent at gmail.com>
-Date: Thu, 21 Feb 2019 21:04:30 +0100
-Subject: [PATCH] smbd.service: Run update-apparmor-samba-profile before start
-
-Bug-Debian: https://bugs.debian.org/896080
----
- packaging/systemd/smb.service.in | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/packaging/systemd/smb.service.in b/packaging/systemd/smb.service.in
-index 18912ef0e98..6bb24861682 100644
---- a/packaging/systemd/smb.service.in
-+++ b/packaging/systemd/smb.service.in
-@@ -10,6 +10,7 @@ NotifyAccess=all
- PIDFile=@PIDDIR@/smbd.pid
- LimitNOFILE=16384
- EnvironmentFile=- at SYSCONFDIR@/sysconfig/samba
-+ExecStartPre=/usr/share/samba/update-apparmor-samba-profile
- ExecStart=@SBINDIR@/smbd --foreground --no-process-group $SMBDOPTIONS
- ExecReload=/bin/kill -HUP $MAINPID
- LimitCORE=infinity
--- 
-2.20.1
-
diff -Nru samba-4.19.5+dfsg/debian/samba.smbd.service samba-4.19.5+dfsg/debian/samba.smbd.service
--- samba-4.19.5+dfsg/debian/samba.smbd.service	2024-01-31 03:07:18.000000000 +1030
+++ samba-4.19.5+dfsg/debian/samba.smbd.service	2024-04-22 16:08:18.000000000 +0930
@@ -9,6 +9,7 @@
 PIDFile=/run/samba/smbd.pid
 LimitNOFILE=16384
 EnvironmentFile=-/etc/default/samba
+ExecStartPre=/usr/share/samba/update-apparmor-samba-profile
 ExecStart=/usr/sbin/smbd --foreground --no-process-group $SMBDOPTIONS
 ExecReload=/bin/kill -HUP $MAINPID
 LimitCORE=infinity

More information about the Pkg-samba-maint mailing list