Bug 1292783 - (RHEL6) CTDB: SELinux: AVC's triggered while executing smbcontrol via 49.winbind script
Summary: (RHEL6) CTDB: SELinux: AVC's triggered while executing smbcontrol via 49.winb...
Keywords:
Status: CLOSED WORKSFORME
Alias: None
Product: Red Hat Gluster Storage
Classification: Red Hat Storage
Component: samba
Version: rhgs-3.1
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: ---
Assignee: Anoop C S
QA Contact: storage-qa-internal@redhat.com
URL:
Whiteboard:
Depends On:
Blocks: 1268895 1293785
TreeView+ depends on / blocked
 
Reported: 2015-12-18 10:44 UTC by Michael Adam
Modified: 2018-04-30 08:04 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Known Issue
Doc Text:
Current SELinux policy prevents ctdb's 49.winbind event script from executing smbcontrol. This can create inconsistent state in winbind, because when a public IP address is moved away from a node, winbind fails to drop connections made through that IP address.
Clone Of: 1291194
: 1293785 (view as bug list)
Environment:
Last Closed: 2018-04-30 08:04:50 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1560732 0 unspecified CLOSED Commands to enable and disable CTDB scripts are incorrect 2021-02-22 00:41:40 UTC

Internal Links: 1560732

Comment 2 Michael Adam 2015-12-21 20:28:45 UTC 
We really should have some fix or workaround for this.

Ultimately this needs to be fixed in RHEL selinux policy, as far as I can tell, but this is broken in RHGS installs using CTDB_MANAGES_WINBIND for CTDB.
Comment 4 Michael Adam 2016-02-01 22:54:56 UTC 
same comment as for bug #1291194 applies:

the text should read

"prevents ctdb's 49.winbind event script from executing smbcontrol"
Comment 6 Michael Adam 2016-02-03 12:01:11 UTC 
Thanks, the text looks good now,
Comment 11 Amar Tumballi 2018-04-19 04:16:51 UTC 
Closed the samba bugs in bulk when PM_Score was less than 0. As the team was working on few of them, opening all of them.
Note You need to log in before you can comment on or make changes to this bug.