Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1215640 - [SELinux] [smb] SELinux is preventing /usr/sbin/smbd from execute_no_trans access on the file /usr/sbin/smbd
[SELinux] [smb] SELinux is preventing /usr/sbin/smbd from execute_no_trans ac...
Status: CLOSED ERRATA
Product: Red Hat Gluster Storage
Classification: Red Hat
Component: samba (Show other bugs)
3.1
Unspecified Unspecified
high Severity high
: ---
: RHGS 3.1.0
Assigned To: Jose A. Rivera
surabhi
SELinux
:
Depends On:
Blocks: 1202842 1212796
  Show dependency treegraph
 
Reported: 2015-04-27 07:23 EDT by Prasanth
Modified: 2015-07-29 00:42 EDT (History)
10 users (show)

See Also:
Fixed In Version: selinux-policy-3.7.19-271.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-07-29 00:42:16 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:1495 normal SHIPPED_LIVE Important: Red Hat Gluster Storage 3.1 update 2015-07-29 04:26:26 EDT

  None (edit)
Description Prasanth 2015-04-27 07:23:34 EDT 
Description of problem:

SELinux is preventing /usr/sbin/smbd from execute_no_trans access on the file /usr/sbin/smbd

See AVC messages from /var/log/audit/audit.log below:

######
type=AVC msg=audit(1429776701.633:1187): avc:  denied  { execute_no_trans } for  pid=9815 comm="S30samba-stop.s" path="/usr/sbin/smbd" dev=dm-0 ino=152897 scontext=unconfined_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:smbd_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1429776701.633:1187): arch=c000003e syscall=59 success=yes exit=0 a0=fe9ae0 a1=fe85f0 a2=fe8160 a3=18 items=0 ppid=9814 pid=9815 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="smbd" exe="/usr/sbin/smbd" subj=unconfined_u:system_r:glusterd_t:s0 key=(null)
######


Version-Release number of selected component (if applicable):
#####
glusterfs-fuse-3.7dev-0.1009.git8b987be.el6.x86_64
glusterfs-cli-3.7dev-0.1009.git8b987be.el6.x86_64
glusterfs-3.7dev-0.1009.git8b987be.el6.x86_64
glusterfs-server-3.7dev-0.1009.git8b987be.el6.x86_64
glusterfs-libs-3.7dev-0.1009.git8b987be.el6.x86_64
glusterfs-api-3.7dev-0.1009.git8b987be.el6.x86_64
samba-vfs-glusterfs-4.1.17-4.el6rhs.x86_64
#####

How reproducible: Always


Steps to Reproduce:
1. Install the RHEL6 glusterfs 3.7 nightly builds from http://download.gluster.org/pub/gluster/glusterfs/nightly/glusterfs-3.7/epel-6-x86_64/
2. Create a volume and start it
3. Check for the AVC's in /var/log/audit/audit.log
.

Actual results: Above mentioned AVC is seen in the logs.


Expected results: If you want to ignore smbd trying to execute_no_trans access the smbd file, because you believe it should not need this access, please consider fixing it.
Comment 2 surabhi 2015-06-09 01:25:29 EDT 
Install RHEL6.7 
Install gluster rpms for RHGS3.1
Install samba rpms for RHGS3.1
create volume and start the volume
Start smb service

glusterfs-3.7.0-3.el6rhs.x86_64
samba-4.1.17-5.el6rhs.x86_64
selinux-policy-3.7.19-271.el6.noarch
selinux-policy-targeted-3.7.19-271.el6.noarch
selinux-policy-mls-3.7.19-271.el6.noarch

There are no AVC's seen in audit log after starting the volume and starting smb service.Moving the BZ to verified.
Comment 3 errata-xmlrpc 2015-07-29 00:42:16 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-1495.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.