Back to bug 1240198
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| surabhi | 2015-07-06 08:20:35 UTC | Summary | SELINUX: Active directory user not able to access the share because of permission denied when SELinux is set to enforcing | SELINUX: Domain user not able to access the share because of permission denied when SELinux is set to enforcing |
| surabhi | 2015-07-06 08:25:21 UTC | Blocks | 1212796 | |
| surabhi | 2015-07-06 08:33:12 UTC | Summary | SELINUX: Domain user not able to access the share because of permission denied when SELinux is set to enforcing | SELinux: Issues in setting up Windows Active directory with samba and access of share denied using domain users. |
| surabhi | 2015-07-06 08:36:00 UTC | CC | annair, pprakash | |
| Vivek Agarwal | 2015-07-06 12:00:23 UTC | Priority | unspecified | urgent |
| CC | vagarwal | |||
| Blocks | 1202842 | |||
| Rejy M Cyriac | 2015-07-06 14:37:48 UTC | CC | rcyriac | |
| Red Hat Bugzilla Rules Engine | 2015-07-06 14:40:23 UTC | Target Release | --- | RHGS 3.1.0 |
| Milos Malik | 2015-07-07 09:51:48 UTC | CC | mmalik | |
| Prasanth | 2015-07-08 06:33:38 UTC | Summary | SELinux: Issues in setting up Windows Active directory with samba and access of share denied using domain users. | [SELinux]: Issues in setting up Windows Active directory with samba and access of share denied using domain users (RHEL-6.7) |
| Prasanth | 2015-07-08 06:35:13 UTC | CC | sbhaloth | |
| Flags | needinfo?(sbhaloth) | |||
| surabhi | 2015-07-08 13:41:56 UTC | Flags | needinfo?(sbhaloth) | |
| Prasanth | 2015-07-09 06:32:20 UTC | Blocks | 1241360 | |
| Prasanth | 2015-07-09 06:32:27 UTC | Blocks | 1241361 | |
| Prasanth | 2015-07-09 06:34:58 UTC | Blocks | 1241360, 1241361 | |
| Depends On | 1241360 | |||
| Prasanth | 2015-07-17 15:01:11 UTC | QA Contact | storage-qa-internal | sbhaloth |
| Prasanth | 2015-07-17 18:23:20 UTC | Status | NEW | ASSIGNED |
| Vivek Agarwal | 2015-07-20 13:14:44 UTC | Status | ASSIGNED | MODIFIED |
| errata-xmlrpc | 2015-07-21 06:09:42 UTC | Status | MODIFIED | ON_QA |
| Vivek Agarwal | 2015-07-21 06:27:21 UTC | Status | ON_QA | MODIFIED |
| errata-xmlrpc | 2015-07-21 10:00:22 UTC | Status | MODIFIED | ON_QA |
| Vivek Agarwal | 2015-07-21 10:40:04 UTC | Status | ON_QA | MODIFIED |
| errata-xmlrpc | 2015-07-22 02:47:16 UTC | Status | MODIFIED | ON_QA |
| Rejy M Cyriac | 2015-07-22 04:02:10 UTC | Status | ON_QA | MODIFIED |
| errata-xmlrpc | 2015-07-22 07:32:14 UTC | Status | MODIFIED | ON_QA |
| Rejy M Cyriac | 2015-07-22 09:51:51 UTC | Status | ON_QA | MODIFIED |
| errata-xmlrpc | 2015-07-22 13:54:15 UTC | Status | MODIFIED | ON_QA |
| Vivek Agarwal | 2015-07-22 14:39:36 UTC | Status | ON_QA | MODIFIED |
| errata-xmlrpc | 2015-07-23 10:16:38 UTC | Status | MODIFIED | ON_QA |
| Vivek Agarwal | 2015-07-23 11:38:01 UTC | Status | ON_QA | MODIFIED |
| Vivek Agarwal | 2015-07-23 11:38:45 UTC | Blocks | 1202842 | |
| errata-xmlrpc | 2015-07-24 11:58:33 UTC | CC | rjoseph | |
| Whiteboard | core | |||
| Status | MODIFIED | ON_QA | ||
| Vivek Agarwal | 2015-07-24 12:00:38 UTC | Status | ON_QA | MODIFIED |
| Vivek Agarwal | 2015-07-27 07:23:23 UTC | Blocks | 1216951 | |
| Vivek Agarwal | 2015-07-27 09:11:43 UTC | Doc Text | Workaround | |
| Doc Type | Bug Fix | Known Issue | ||
| surabhi | 2015-07-27 14:33:26 UTC | Doc Text | Workaround | As per the bug, the Active directory integration of samba and gluster will fail and you will see the AVC denial's for nmb,winbind and smbd processes. In order to rectify the problem please use the workaround mentioned below. Step 1: # cat bz1240198.te policy_module(bz1240198,1.1) require { type nmbd_t; type smbd_t; type winbind_var_run_t; type smbd_var_run_t; type winbind_t; type nmbd_var_run_t; } manage_sock_files_pattern(nmbd_t, nmbd_var_run_t, nmbd_var_run_t) files_pid_filetrans(nmbd_t, nmbd_var_run_t, { sock_file }) files_pid_filetrans(winbind_t, winbind_var_run_t, { sock_file }) filetrans_pattern(winbind_t, smbd_var_run_t, winbind_var_run_t, dir) filetrans_pattern(nmbd_t, smbd_var_run_t, nmbd_var_run_t, { sock_file file }) manage_files_pattern(winbind_t, smbd_var_run_t, smbd_var_run_t) manage_dirs_pattern(winbind_t, smbd_var_run_t, smbd_var_run_t) manage_sock_files_pattern(winbind_t, smbd_var_run_t, smbd_var_run_t) allow nmbd_t nmbd_var_run_t:sock_file { create unlink }; allow nmbd_t smbd_var_run_t:file { write read lock create unlink open }; allow nmbd_t smbd_var_run_t:sock_file { create unlink }; Step 2: # make -f /usr/share/selinux/devel/Makefile Compiling targeted bz1240198 module /usr/bin/checkmodule: loading policy configuration from tmp/bz1240198.tmp /usr/bin/checkmodule: policy configuration loaded /usr/bin/checkmodule: writing binary representation (version 10) to tmp/bz1240198.mod Creating targeted bz1240198.pp policy package rm tmp/bz1240198.mod tmp/bz1240198.mod.fc Step 3: # semodule -i bz1240198.pp |
| Rejy M Cyriac | 2015-08-03 05:41:03 UTC | Status | MODIFIED | ON_QA |
| Fixed In Version | selinux-policy-3.7.19-279.el6_7.2 | |||
| surabhi | 2015-08-04 12:55:14 UTC | Status | ON_QA | VERIFIED |
| Vivek Agarwal | 2015-08-10 07:44:28 UTC | Status | VERIFIED | CLOSED |
| Resolution | --- | CURRENTRELEASE | ||
| Last Closed | 2015-08-10 03:44:28 UTC | |||
| Rejy M Cyriac | 2015-08-11 09:19:30 UTC | Fixed In Version | selinux-policy-3.7.19-279.el6_7.2 | selinux-policy-3.7.19-279.el6_7.4 |
Back to bug 1240198