New issue by mustaqimM on void-packages repository https://github.com/void-linux/void-packages/issues/33335 Description: ### System * xuname: `Void 5.13.19_1 x86_64 GenuineIntel uptodate rrFFFF` * package: `samba-4.14.7_1` `libapparmor-3.0.3_1 ` ### Expected behavior The samba service is run but a user is unable to connect to it because the necessary aren't set or misconfigured. ### Actual behavior ```bash 2021-10-04T17:36:41.68394 daemon.notice: Oct 4 19:36:41 smbd: directory_create_or_exist: mkdir failed on directory /run/lock/samba/msg.lock: Permission denied 2021-10-04T17:36:41.68430 kern.notice: [ 2298.919937] audit: type=1400 audit(1633369001.682:2245): apparmor="DENIED" operation="mkdir" profile="smbd" name="/run/lock/samba/msg.lock/" pid=7970 comm="smbd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 ``` This is just the first error of the path not correctly set in `/etc/apparmor.d/abstractions/samba` ### Steps to reproduce the behavior 1. Enable `apparmor` in the kernel cmdline: `apparmor=1 security=apparmor` 2. Start the `smbd` service The necessary rules to make it work: ```bash /run/lock/samba/msg.lock/[0-9]* rwk, /etc/samba/private/msg.sock/[0-9]* rwk, /run/lock/samba/names.tdb rwk, /etc/samba/private/secrets.tdb rwk, /run/lock/samba/smbXsrv_version_global.tdb rwk, /run/lock/samba/smbXsrv_client_global.tdb rwk, /run/lock/samba/smbXsrv_session_global.tdb rwk, /run/lock/samba/smbXsrv_tcon_global.tdb rwk, /run/lock/samba/brlock.tdb rwk, /run/lock/samba/locking.tdb rwk, /run/lock/samba/leases.tdb rwk, /run/lock/samba/gencache.tdb rwk, /run/lock/samba/smbXsrv_open_global.tdb rwk, /etc/samba/private/passdb.tdb rwk, /run/lock/samba/smbd_cleanupd.tdb rwk, ``` This should probably be patched in `/etc/apparmor.d/abstractions/samba`. This is not entirely correct as only lock files should be marked with `k`. Some rules like the `msg.lock` folder in `abstractions/samba` point to `@{run}/samba/msg.lock/` when it's actually located at `/run/lock/samba/msg.lock`