Bug 1292783

Summary: (RHEL6) CTDB: SELinux: AVC's triggered while executing smbcontrol via 49.winbind script
Product: [Red Hat Storage] Red Hat Gluster Storage Reporter: Michael Adam <madam>
Component: sambaAssignee: Anoop C S <anoopcs>
Status: CLOSED WORKSFORME QA Contact: storage-qa-internal <storage-qa-internal>
Severity: high Docs Contact:
Priority: unspecified    
Version: rhgs-3.1CC: anoopcs, gdeschner, madam, nlevinki, rhs-smb, sankarshan, storage-qa-internal, vdas
Target Milestone: ---Keywords: Reopened, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Known Issue
Doc Text:
Current SELinux policy prevents ctdb's 49.winbind event script from executing smbcontrol. This can create inconsistent state in winbind, because when a public IP address is moved away from a node, winbind fails to drop connections made through that IP address.
 Story Points: ---
Clone Of: 1291194
: 1293785 (view as bug list) Environment:
Last Closed: 2018-04-30 08:04:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1268895, 1293785    

Comment 2 Michael Adam 2015-12-21 20:28:45 UTC 
We really should have some fix or workaround for this.

Ultimately this needs to be fixed in RHEL selinux policy, as far as I can tell, but this is broken in RHGS installs using CTDB_MANAGES_WINBIND for CTDB.
Comment 4 Michael Adam 2016-02-01 22:54:56 UTC 
same comment as for bug #1291194 applies:

the text should read

"prevents ctdb's 49.winbind event script from executing smbcontrol"
Comment 6 Michael Adam 2016-02-03 12:01:11 UTC 
Thanks, the text looks good now,
Comment 11 Amar Tumballi 2018-04-19 04:16:51 UTC 
Closed the samba bugs in bulk when PM_Score was less than 0. As the team was working on few of them, opening all of them.