Created attachment 881724 [details] AVC logs. Description of problem: Hi. While running this test: https://beaker.engineering.redhat.com/recipes/1280182#task20066479 git repo: http://pkgs.devel.redhat.com/cgit/tests/samba/tree/sanity/domain-trusts some strange avc (which are included) raises. Maybe this is samba bug (saddr params looks very suspicious).
AVC Report ======================================================== # date time comm subj syscall class permission obj event ======================================================== 1. 03/21/2014 23:26:17 smbd root:system_r:smbd_t:s0 102 unix_stream_socket connectto root:system_r:nmbd_t:s0 denied 85 2. 03/21/2014 23:29:33 smbd root:system_r:smbd_t:s0 102 unix_stream_socket connectto root:system_r:nmbd_t:s0 denied 87 3. 03/21/2014 23:29:33 smbd root:system_r:smbd_t:s0 102 unix_stream_socket connectto root:system_r:nmbd_t:s0 denied 86 4. 03/21/2014 23:31:13 smbd root:system_r:smbd_t:s0 102 unix_stream_socket connectto root:system_r:nmbd_t:s0 denied 88 5. 03/21/2014 23:31:13 smbd root:system_r:smbd_t:s0 102 unix_stream_socket connectto root:system_r:nmbd_t:s0 denied 89 6. 03/21/2014 23:32:53 smbd root:system_r:smbd_t:s0 102 unix_stream_socket connectto root:system_r:nmbd_t:s0 denied 90 7. 03/21/2014 23:32:53 smbd root:system_r:smbd_t:s0 102 unix_stream_socket connectto root:system_r:nmbd_t:s0 denied 91
#============= smbd_t ============== #!!!! This avc is allowed in the current policy allow smbd_t nmbd_t:unix_stream_socket connectto;
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux release for currently deployed products. This request is not yet committed for inclusion in a release.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-1205.html