Bug 1241361
Summary: | [SELinux]: Issues in setting up Windows Active directory with samba and access of share denied using domain users (RHEL-7) | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Prasanth <pprakash> |
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
Status: | CLOSED NOTABUG | QA Contact: | Milos Malik <mmalik> |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | ||
Version: | 7.1 | CC: | annair, lvrabec, mgrepl, mmalik, nlevinki, plautrba, pprakash, pvrabec, rcyriac, rhs-smb, sbhaloth, ssekidde, storage-qa-internal, vagarwal |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | selinux-policy-3.13.1-34.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | 1240198 | Environment: | |
Last Closed: | 2015-07-21 07:01:11 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1202842, 1212796 |
Description
Prasanth
2015-07-09 06:32:27 UTC
commit 6b83186d7b3151b96cccbe3b12cfae1c509450ef Author: Lukas Vrabec <lvrabec> Date: Sun Jul 19 00:00:44 2015 +0200 Allow smbd_t and nmbd_t to manage winbind_var_run_t files/socktes/dirs. Resolves: #1241361 commit e777ef7e8770ca1d450096282f6ec127c995546e Author: Lukas Vrabec <lvrabec> Date: Sat Jul 18 23:58:00 2015 +0200 Add samba_manage_winbind_pid() interface $ matchpathcon /var/run/samba/nmbd.pid/var/run/samba/nmbd.pid system_u:object_r:nmbd_var_run_t:s0 Why is it created as winbind_var_run_t? It looks the problem is /var/run/samba is created with wrong label. So I believe we need to update rules to reflect samba.fc with filename transitions. Please attach output of: $ matchpathcon /var/run/samba/ ls -lZ /var/run/samba drwxr-xr-x. root root system_u:object_r:smbd_var_run_t:s0 ncalrpc drwxr-xr-x. root root system_u:object_r:winbind_var_run_t:s0 winbindd Hi, After discussion with mgrepl, we agreed that dir "/var/run/samba" was mislabeled on tested system. Could you re-test this issue on new fresh installation? Putting the needinfo on Surabhi to provide the requested info. The issue was not on 7.2. clearing needinfo |