| Summary: | nmb.service fails to start | |||
|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Marcos Mello <marcosfrm> | |
| Component: | samba | Assignee: | Guenther Deschner <gdeschner> | |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | |
| Severity: | unspecified | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 16 | CC: | asn, bugs.michael, dwalsh, gdeschner, jlayton, judge.mentok.the.mindtaker, me, mgrepl, ssorce | |
| Target Milestone: | --- | |||
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | samba-3.6.1-74.fc16 | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 743539 (view as bug list) | Environment: | ||
| Last Closed: | 2011-11-05 01:27:58 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Bug Depends On: | ||||
| Bug Blocks: | 743539 | |||
# cat /var/log/samba/log.nmbd
[2011/09/27 12:10:21, 0] nmbd/nmbd.c:860(main)
nmbd version 3.6.0-72.fc16 started.
Copyright Andrew Tridgell and the Samba Team 1992-2011
[2011/09/27 12:10:21, 0] lib/util_sock.c:1322(create_pipe_sock)
error creating socket directory /var/nmbd: Permissão negada
[2011/09/27 12:10:21, 0] nmbd/nmbd_packets.c:48(nmbd_init_packet_server)
ERROR: nb_packet_server_create failed: NT_STATUS_ACCESS_DENIED
# grep AVC /var/log/audit/audit.log
type=AVC msg=audit(1317136221.482:24): avc: denied { write } for pid=910 comm="nmbd" name="var" dev=sda2 ino=261633 scontext=system_u:system_r:nmbd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
https://bugzilla.samba.org/show_bug.cgi?id=8230 http://gitweb.samba.org/?p=samba.git;a=commit;h=a10029b854a7bfb536b9ed1cd0c4383f9ff8b3c0 related? (In reply to comment #2) > https://bugzilla.samba.org/show_bug.cgi?id=8230 > http://gitweb.samba.org/?p=samba.git;a=commit;h=a10029b854a7bfb536b9ed1cd0c4383f9ff8b3c0 > > related? Yep, looks like we should either allow nmbd to create /var/nmbd or precreate it. Adding Dan Walsh in CC so he can tell us what's best/easiest from the SELinux point of view. Or use the "--with-nmbdsocketdir" configure option I think. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628121 /var/nmbd should be in the spec file. And shouldn't it be in /var/lib/nmbd? Or /var/run/nmbd? Is this a new directory and does nmbd_t need to be able to manage all content within this directory? For Samba 4 upstream will use /var/run/nmbd by default. http://gitweb.samba.org/?p=samba.git;a=commit;h=edd3e8b03aa0bca85d4a9a62b35471e76a1f9390 With 3.6 --with-nmbdsocketdir=/var/run/nmbd will make SELinux happy, won't it? Yes, this better. Does nmbd_t need to be able to manage all content within this directory? FWIK the "unexpected" socket is the only thing created there (at least now). It's used by nmbd for some tasks. http://gitweb.samba.org/?p=samba.git;a=commit;h=b2c62d639d7fd565d39a999d500018b290b5279f (In reply to comment #5) > /var/nmbd should be in the spec file. > > And shouldn't it be in /var/lib/nmbd? Or /var/run/nmbd? > > Is this a new directory and does nmbd_t need to be able to manage all content > within this directory? Yes, we will use --with-nmbdsocketdir=/var/run/nmbd and nmbd_t needs to be able to manage all content within this directory. samba-3.6.0-73.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/samba-3.6.0-73.fc16 Package samba-3.6.0-73.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing samba-3.6.0-73.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/samba-3.6.0-73.fc16 then log in and leave karma (feedback). samba-3.6.0-73.fc16 doesn't fixed this bug.
nmb.service doesn't start.
/var/log/messages after systemctl start nmb.service:
Oct 5 13:47:53 localhost kernel: [ 1075.030257] type=1400 audit(1317808073.321:141): avc: denied { create } for pid=7983 comm="nmbd" name="unexpected" scontext=system_u:system_r:nmbd_t:s0 tcontext=system_u:object_r:nmbd_var_run_t:s0 tclass=sock_file
Oct 5 13:47:53 localhost systemd[1]: PID 7983 read from file /run/nmbd.pid does not exist. Your service or init script might be broken.
Oct 5 13:47:53 localhost systemd[1]: nmb.service: main process exited, code=exited, status=1
Oct 5 13:47:53 localhost systemd[1]: Unit nmb.service entered failed state.
# ls -alZ /run/nmb*
-rw-r--r--. root root system_u:object_r:nmbd_var_run_t:s0 /run/nmbd.pid
/run/nmbd:
drwxr-xr-x. root root system_u:object_r:nmbd_var_run_t:s0 .
drwxr-xr-x. root root system_u:object_r:var_run_t:s0 ..
We need selinux-policy 3.10.0-37.fc16. The repository still has -36 which doesn't allow nmbd to write to /var/run/nmbd. Yes, I need to re-edit an update but I am fixing other issues so I will do it asap. Problem fixed with samba-3.6.0-73.fc16 and selinux-policy-3.10.0-38.fc16. Thanks! samba-3.6.1-74.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/samba-3.6.1-74.fc16 samba-3.6.1-74.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. I have a clean install of FC 16 fully upgraded and I have this issue. kernel 3.2.9-2.fc16 samba 3.6.3-78.fc16 nmb and smb services are enabled in systemctl. smb comes up fine on a reboot. nmb always comes up in a failed state at launch. restarting nmb after login always works but why can't it come up cleanly on boot?! Oh, and this behavior occurs when I have SELinux in Permissive or Disabled mode. Sorry for comment spam, but I just found this post: http://forums.fedoraforum.org/showthread.php?t=273377 And bizarrely it appears to work. I did: systemctl isolate runlevel1.target systemctl isolate runlevel5.target reboot upon reboot nmb and smb started. |
I just did a minimal Fedora 16 install using Beta RC3 i686 DVD, configured the network (without NM) and installed Samba (3.6.0-72.fc16). Here's the service status: # systemctl status nmb.service nmb.service - Samba NMB Daemon Loaded: loaded (/lib/systemd/system/nmb.service; enabled) Active: failed since Tue, 27 Sep 2011 07:17:51 -0300; 19s ago Process: 1580 ExecStart=/usr/sbin/nmbd $NMBDOPTIONS (code=exited, status=0/SUCCESS) Main PID: 1581 (code=exited, status=1/FAILURE) CGroup: name=systemd:/system/nmb.service And it continues at failed state no matter how many times I try to start it. The smb.service runs fine, but without nmb.service, other machines are unable to see the Samba server. Maybe it's a bug 486231 duplicate.