I wish there were more Invisible like you making a difference!!!
Hi my share are also located outside of home directory how can I whitelist it
let’s say this is my location
/mnt/befadfl-asdklf-wuqio-0e1/cupcakes/pineapple
I’ve opened nano to edit it I just don’t know what word to enter
Have a look at the example in the linked Arch wiki. Replace /data with your path. Save it and then restart AppArmor service or reboot your System.
1 Like
/etc/apparmor.d/local/usr.sbin.smbd
"/data/" rk,
"/data/**" lrwk,
hey thanks but what’s rk, lrwk written in arch wiki , do I have to add it too if so which one rk or lrwk or both
Upgrade without samba and smbclient.
Same issue after doing a full upgrade.
About 5 times, I restored and confirmed using snapshot.
I’ll leave it alone for the time being.
My personal opinion and expectation is that editing a working smb.conf is just a waste of time.
Kernel: 5.18.14-1-MANJARO arch: x86_64 bits: 64 compiler: gcc v: 12.1.0
Desktop: Cinnamon v: 5.4.9 Distro: Manjaro Linux base: Arch Linux
r ead, w rite and so on. A more detailed description can be found in the AppArmor documentation:
Hi, I’m having the same problem but my shares are in the home folder. Same problem on multiple computers.
This fix seems to work. I believe you need BOTH AppArmor settings. And then you need to RESTART AppArmor via “sudo systemctl restart apparmor”
Hey thanks a lot! You saved my day. I couldn’t figure out what went suddenly wrong and wasted hours to find the reason (thought it was a recent Windows update).
In my case, a folder under my /home/user was shared, but not my Dropbox folder under /media/… It also didn’t matter that until today I shared a link to that Dropbox folder under my /home/user directory.
Your solution works perfectly!
Thank you. This is what I needed to do also. The SAMBA doc should be updated to include this step.
Hello, Manjaro Users
I’m so sorry but that not fixed my problem [My Dirty Solution below 
] , I think AppArmor is preventing something with Samba…
I’m already tried that, even clean smb.conf with no share at all
[global]
workgroup = TACKLE
server string = Manjaro Samba Server
server role = standalone server
log file = /var/log/samba/log.%m
max log size = 50
guest account = nobody
map to guest = Bad Password
min protocol = SMB2
max protocol = SMB3
I’m still unable to connect to Samba. Only dirty way to fixed my problem is Disable AppArmor
#- Disable AppArmor
systemctl disable apparmor
#- and reboot your computer
reboot
#- Problem fixed, but dirty way
#- For random people on the internet, you can re-enable AppArmor again by
systemctl enable apparmor
#- and reboot your computer
reboot
And Fixed!!! 
That very dirty way. I need more time to troubleshooting and understanding apparmor… Like how to property configuration AppArmor with Samba
It’s working but less secure 
… Yep I known that very bad idea to Disable AppArmor
Now I’m known the root problem is AppArmor
Anyone have any idea how to proper way to fix my AppArmor?
//Almost problem solved
Thank you
Apidech T.
3 Likes
Glad to hear your problem got fixed @Tacklezaza
I’m still stuck how to edit AppArmor, when I first configured it , it stopped working so I bring it back to its original state and AppArmor start working again so surely I don’t know how to edit AppArmor
can someone help me?
let’s say I have following location and I want to make it read, write and executable
/mnt/befadfl-asdklf-wuqio-0e1/cupcakes/pineapple
How can I do it?
Hi, @Char
OK. what have you tried so far … I mean what have you done. what config that you already tried and not working… for example, post like this and other user can help you
#- nano /etc/apparmor.d/local/usr.sbin.smbd
"/mnt/befadfl-asdklf-wuqio-0e1/cupcakes/pineapple/" rk,
"/mnt/befadfl-asdklf-wuqio-0e1/cupcakes/pineapple/**" lrwk,
Don’t forget to restart your pc every time you changed the config. Since AppArmor is not a normal service that you can systemctl restart apparmor like other service. It’s need to deep reload in some way
Did my dirty solution work for you? Just asking…
sudo systemctl disable apparmor
reboot
1 Like
I tried this and it’s not working
"/mnt/befadfl-asdklf-wuqio-0e1/cupcakes/pineapple" rwx
Have you tried simple smb.conf with no sharing
[global]
workgroup = TACKLE
server string = Manjaro Samba Server
server role = standalone server
log file = /var/log/samba/log.%m
max log size = 50
guest account = nobody
map to guest = Bad Password
min protocol = SMB2
max protocol = SMB3
//then systemctl restart smb
And try to browse your samba, can you browse it? with file browser or with terminal?
smbclient -L localhost -U%
Have to tried to disable AppArmor? like I said before systemctl disable apparmor
I tried a simple AppArmor config it seems to work now. I can access the files in the share.
❯ cat /etc/apparmor.d/local/usr.sbin.smbd
“/mnt/Data/Shared/**” rwlk,
Only thing is when you try to list the shares using smbclient -L host_name_here you do not get a list.
❯ smbclient -L localhost -U%
Sharename Type Comment
--------- ---- -------
SMB1 disabled -- no workgroup available
I’m not sure I understand you…
in my case whitelisting the folder containing the shares like in the example above, did the trick.
the old config for example is working again without changing anything.
smbclient -L localhost -U%
not showing shares is normal I think under these circumstances,
as is not being able to directly access smb://hostname/ since a couple of major updates ago
but being ignorant, I leave this up to the more experts here to shed some light on this matter.
by specifying hostname and share name explicitly I’m able to access all configured shares
smb://hostname/sharename
this works for me on the Linux box and from any other windows10/11 machines on our lan.
woho it start working for me too but in my case I had to completely disable AppArmor
I hope it’s not some crucial config file and hopefully my system wouldn’t broke
Thank you everyone!
solution for me
Attempt all upgrades that exclude apparmor.
Do not upgrade to disable apparmor. use 3.0.4-2.
do not use 3.0.7.
This is working perfectly for now.
1 Like