Bug 452082 - winbindd is denied write access to secrets.tdb
winbindd is denied write access to secrets.tdb
Status: CLOSED CANTFIX
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: selinux-policy-targeted (Show other bugs)
4.6
All Linux
low Severity low
: rc
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-06-19 04:30 EDT by Petr Šplíchal
Modified: 2016-05-31 21:36 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-06-23 06:38:51 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Petr Šplíchal 2008-06-19 04:30:48 EDT
After joining a domain (net rpc join) winbind is unable to start because it is
denied to access /etc/samba/secrets.tdb.

Tested with:
selinux-policy-targeted-1.17.30-2.149.noarch
samba-3.0.28-0.el4.5.s390

Related RHTS Job:
http://rhts.redhat.com/cgi-bin/rhts/jobs.cgi?id=24007

/var/log/samba/winbindd.log:
[2008/06/19 04:15:31, 0] passdb/secrets.c:secrets_init(67)
  Failed to open /etc/samba/secrets.tdb
[2008/06/19 04:15:31, 0] nsswitch/winbindd.c:main(1010)
  Could not initialize domain trust account secrets. Giving up

/var/log/audit/audit.log:
type=AVC msg=audit(1213863331.771:20): avc:  denied  { write } for  pid=29943
comm="winbindd" name="secrets.tdb" dev=dm-0 ino=1590762
scontext=root:system_r:winbind_t tcontext=root:object_r:samba_etc_t tclass=file

type=SYSCALL msg=audit(1213863331.771:20): arch=80000016 syscall=5 success=no
exit=-13 a0=7fffef08 a1=8042 a2=180 a3=f7ddedb2 items=1 pid=29943
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
comm="winbindd" exe="/usr/sbin/winbindd"

type=CWD msg=audit(1213863331.771:20):  cwd="/"

type=PATH msg=audit(1213863331.771:20): name="/etc/samba/secrets.tdb" flags=310
 inode=1590760 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00
Comment 1 Daniel Walsh 2008-06-22 07:57:23 EDT
If you run restorecon /etc/samba/* 

Does it fix the problem?
Comment 2 Petr Šplíchal 2008-06-23 06:12:37 EDT
Yes, using restorecon helped.
Comment 3 Daniel Walsh 2008-06-23 06:38:51 EDT
Not sure how this got mislabeled, you can try to use restorecond if you would
like to watch this file and maintain it's label.

Note You need to log in before you can comment on or make changes to this bug.