Since these samba profiles are experimental, not enabled by default, and even when enabled by the user, are loaded in "complain" mode, I don't think it's worth fixing for stable releases of Ubuntu.
Furthermore, they come from the src:apparmor package, not samba, and that's a risky update for such a small reason. The risk to benefit ratio is not in favor for this update. For Jammy (current Ubuntu development release), I filed https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1952242 and I will commit there most of the needed changes, leaving just the net_admin one out. Xenial is EOL, so nothing to be done there. If you want to address this in Bionic yourself, I suggest this patch for /etc/apparmor.d/usr.sbin.smbd: --- a/usr.sbin.smbd +++ b/usr.sbin.smbd @@ -49,6 +50,9 @@ /{,var/}run/samba/smbd.pid rw, /{,var/}run/samba/msg.lock/ rw, /{,var/}run/samba/msg.lock/[0-9]* rwk, + # when started by systemd + /{,var/}run/systemd/notify w, + /var/spool/samba/** rw, @{HOMEDIRS}/** lrwk, ** Changed in: samba (Ubuntu Xenial) Status: Triaged => Won't Fix ** Changed in: samba (Ubuntu Bionic) Status: Triaged => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1719354 Title: apparmor blocking smbd which is in complain mode To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1719354/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
