Description of problem:

SELinux is preventing /usr/sbin/smbd from execute_no_trans access on the file /usr/sbin/smbd

See AVC messages from /var/log/audit/audit.log below:

######
type=AVC msg=audit(1429776701.633:1187): avc: denied { execute_no_trans } for pid=9815 comm="S30samba-stop.s" path="/usr/sbin/smbd" dev=dm-0 ino=152897 scontext=unconfined_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:smbd_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1429776701.633:1187): arch=c000003e syscall=59 success=yes exit=0 a0=fe9ae0 a1=fe85f0 a2=fe8160 a3=18 items=0 ppid=9814 pid=9815 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="smbd" exe="/usr/sbin/smbd" subj=unconfined_u:system_r:glusterd_t:s0 key=(null)
######

Version-Release number of selected component (if applicable):

#####
glusterfs-fuse-3.7dev-0.1009.git8b987be.el6.x86_64
glusterfs-cli-3.7dev-0.1009.git8b987be.el6.x86_64
glusterfs-3.7dev-0.1009.git8b987be.el6.x86_64
glusterfs-server-3.7dev-0.1009.git8b987be.el6.x86_64
glusterfs-libs-3.7dev-0.1009.git8b987be.el6.x86_64
glusterfs-api-3.7dev-0.1009.git8b987be.el6.x86_64
samba-vfs-glusterfs-4.1.17-4.el6rhs.x86_64
#####

How reproducible: Always

Steps to Reproduce:
1. Install the RHEL6 glusterfs 3.7 nightly builds from http://download.gluster.org/pub/gluster/glusterfs/nightly/glusterfs-3.7/epel-6-x86_64/
2. Create a volume and start it
3. Check for the AVCs in /var/log/audit/audit.log.

Actual results: Above mentioned AVC is seen in the logs.

Expected results: If you want to ignore smbd trying to execute_no_trans access the smbd file, because you believe it should not need this access, please consider fixing it.
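
Added example, not part of the original report: Python that pairs the AVC and SYSCALL records quoted above by their shared audit event ID and summarizes the denial. Reading `success=yes` on the paired syscall as "logged but not blocked" is this example's assumption; the function and field names are illustrative.

```python
import re

# Sample input: the two audit records quoted in the report above.
SAMPLE = """\
type=AVC msg=audit(1429776701.633:1187): avc: denied { execute_no_trans } for pid=9815 comm="S30samba-stop.s" path="/usr/sbin/smbd" dev=dm-0 ino=152897 scontext=unconfined_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:smbd_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1429776701.633:1187): arch=c000003e syscall=59 success=yes exit=0 a0=fe9ae0 a1=fe85f0 a2=fe8160 a3=18 items=0 ppid=9814 pid=9815 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="smbd" exe="/usr/sbin/smbd" subj=unconfined_u:system_r:glusterd_t:s0 key=(null)
"""

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$')
PERMS = re.compile(r'\{\s*([^}]*?)\s*\}')
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group records by (timestamp, serial) so each AVC meets its SYSCALL."""
    events = {}
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # not an audit record
        rtype, ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in KV.findall(body)}
        if rtype == "AVC":
            fields["denied"] = "denied" in body.split("{")[0]
            pm = PERMS.search(body)
            fields["perms"] = pm.group(1).split() if pm else []
        events.setdefault((ts, serial), {})[rtype] = fields
    return events

def summarize(events):
    """One summary dict per denied AVC: who asked for what, on which target."""
    out = []
    for (ts, serial), recs in sorted(events.items()):
        avc, sc = recs.get("AVC"), recs.get("SYSCALL", {})
        if not avc or not avc["denied"]:
            continue
        out.append({
            "serial": serial,
            "perms": avc["perms"],
            "source_type": avc["scontext"].split(":")[2],  # domain of the caller
            "target_type": avc["tcontext"].split(":")[2],  # label on the file
            "tclass": avc["tclass"],
            "path": avc.get("path"),
            # Assumption: denial plus a successful syscall means it was only logged.
            "logged_only": sc.get("success") == "yes",
        })
    return out

if __name__ == "__main__":
    for row in summarize(parse_events(SAMPLE)):
        print(row)
```
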
Install RHEL6.7
Install gluster rpms for RHGS3.1
Install samba rpms for RHGS3.1
create volume and start the volume
Start smb service

glusterfs-3.7.0-3.el6rhs.x86_64
samba-4.1.17-5.el6rhs.x86_64
selinux-policy-3.7.19-271.el6.noarch
selinux-policy-targeted-3.7.19-271.el6.noarch
selinux-policy-mls-3.7.19-271.el6.noarch

There are no AVCs seen in the audit log after starting the volume and starting the smb service. Moving the BZ to verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-1495.html