Hi Louis,So According to the information gleaned in #928168¹, adding a rule to allow read access to winbindd pipe doesn’t seem necessary‽ As far as I can see from my local tests, only read/write access to /var/lib/samba/ntp_signd/socket is needed. Could you please confirm?
If so, chronyd’s Apparmor profile should just include (for samba ofc): /var/lib/samba/ntp_signd/socket rw, Cheers, Vincent ¹ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928168
signature.asc
Description: PGP signature
