Description of problem: Over a RHEL 7.4 , 3.3.0 samba-cdtb setup avc denied messages as shown below are seen. There is no functional issue seen as such. type=AVC msg=audit(1499168563.384:321703): avc: denied { write } for pid=7924 comm="ip" path="/run/ctdb/ctdbd.pid" dev="tmpfs" ino=34967954 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:ctdbd_var_run_t:s0 tclass=file Version-Release number of selected component (if applicable): selinux-policy-3.13.1-165.el7.noarch samba-4.6.3-3.el7rhgs.x86_64 glusterfs-3.8.4-32.el7rhgs.x86_64 How reproducible: Always Steps to Reproduce: 1. Over samba ctdb setup run any IOs 2. Check for avc denied in audit.log 3. Actual results: Getting avc denied text Expected results: Should not get any avc denied Additional info: type=AVC msg=audit(1499168563.384:321703): avc: denied { write } for pid=7924 comm="ip" path="/run/ctdb/ctdbd.pid" dev="tmpfs" ino=34967954 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:ctdbd_var_run_t:s0 tclass=file
No functional issues are seen as of now.
Fixed upstream: https://git.samba.org/?p=samba.git;a=commit;h=3e85cbfd7541d8f30ce1f3244ebcc44332b394fe see Samba upstream bug in 'External trackers' for more details.
No AVC denied messages are seen so far with the latest build i.e samba-4.6.3-5.el7rhgs. Marking this as verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2780