+++ This bug was initially created as a clone of Bug #741630 +++

I just did a minimal Fedora 16 install using Beta RC3 i686 DVD, configured the network (without NM) and installed Samba (3.6.0-72.fc16).

Here's the service status:

# systemctl status nmb.service
nmb.service - Samba NMB Daemon
          Loaded: loaded (/lib/systemd/system/nmb.service; enabled)
          Active: failed since Tue, 27 Sep 2011 07:17:51 -0300; 19s ago
         Process: 1580 ExecStart=/usr/sbin/nmbd $NMBDOPTIONS (code=exited, status=0/SUCCESS)
        Main PID: 1581 (code=exited, status=1/FAILURE)
          CGroup: name=systemd:/system/nmb.service

And it continues at failed state no matter how many times I try to start it. The smb.service runs fine, but without nmb.service, other machines are unable to see the Samba server.

Maybe it's a bug 486231 duplicate.

--- Additional comment from marcosfrm on 2011-09-27 14:24:10 EDT ---

# cat /var/log/samba/log.nmbd
[2011/09/27 12:10:21,  0] nmbd/nmbd.c:860(main)
  nmbd version 3.6.0-72.fc16 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2011
[2011/09/27 12:10:21,  0] lib/util_sock.c:1322(create_pipe_sock)
  error creating socket directory /var/nmbd: Permissão negada
[2011/09/27 12:10:21,  0] nmbd/nmbd_packets.c:48(nmbd_init_packet_server)
  ERROR: nb_packet_server_create failed: NT_STATUS_ACCESS_DENIED

# grep AVC /var/log/audit/audit.log
type=AVC msg=audit(1317136221.482:24): avc:  denied  { write } for  pid=910 comm="nmbd" name="var" dev=sda2 ino=261633 scontext=system_u:system_r:nmbd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir

--- Additional comment from marcosfrm on 2011-09-27 14:34:09 EDT ---

https://bugzilla.samba.org/show_bug.cgi?id=8230
http://gitweb.samba.org/?p=samba.git;a=commit;h=a10029b854a7bfb536b9ed1cd0c4383f9ff8b3c0

related?

--- Additional comment from ssorce on 2011-09-27 14:50:52 EDT ---

(In reply to comment #2)
> https://bugzilla.samba.org/show_bug.cgi?id=8230
> http://gitweb.samba.org/?p=samba.git;a=commit;h=a10029b854a7bfb536b9ed1cd0c4383f9ff8b3c0
> 
> related?

Yep, looks like we should either allow nmbd to create /var/nmbd or precreate it.

Adding Dan Walsh in CC so he can tell us what's best/easiest from the SELinux point of view.

--- Additional comment from marcosfrm on 2011-09-27 19:52:34 EDT ---

Or use the "--with-nmbdsocketdir" configure option I think.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628121

--- Additional comment from dwalsh on 2011-09-28 10:55:46 EDT ---

/var/nmbd should be in the spec file.

And shouldn't it be in /var/lib/nmbd?  Or /var/run/nmbd?

Is this a new directory and does nmbd_t need to be able to manage all content within this directory?

--- Additional comment from marcosfrm on 2011-09-30 20:18:22 EDT ---

For Samba 4 upstream will use /var/run/nmbd by default.

http://gitweb.samba.org/?p=samba.git;a=commit;h=edd3e8b03aa0bca85d4a9a62b35471e76a1f9390

With 3.6 --with-nmbdsocketdir=/var/run/nmbd will make SELinux happy, won't it?

--- Additional comment from mgrepl on 2011-10-03 04:52:20 EDT ---

Yes, this better.

Does nmbd_t need to be able to manage all content within this directory?

--- Additional comment from marcosfrm on 2011-10-03 07:25:26 EDT ---

FWIK the "unexpected" socket is the only thing created there (at least now). It's used by nmbd for some tasks.

http://gitweb.samba.org/?p=samba.git;a=commit;h=b2c62d639d7fd565d39a999d500018b290b5279f

--- Additional comment from gdeschner on 2011-10-04 06:55:53 EDT ---

(In reply to comment #5)
> /var/nmbd should be in the spec file.
> 
> And shouldn't it be in /var/lib/nmbd?  Or /var/run/nmbd?
> 
> Is this a new directory and does nmbd_t need to be able to manage all content
> within this directory?

Yes, we will use --with-nmbdsocketdir=/var/run/nmbd and nmbd_t needs to be able to manage all content within this directory.

--- Additional comment from updates on 2011-10-04 07:06:48 EDT ---

samba-3.6.0-73.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/samba-3.6.0-73.fc16

--- Additional comment from updates on 2011-10-04 16:46:37 EDT ---

Package samba-3.6.0-73.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing samba-3.6.0-73.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/samba-3.6.0-73.fc16
then log in and leave karma (feedback).

--- Additional comment from me on 2011-10-05 05:57:02 EDT ---

samba-3.6.0-73.fc16 doesn't fixed this bug.
nmb.service doesn't start.

/var/log/messages after systemctl start nmb.service:
Oct  5 13:47:53 localhost kernel: [ 1075.030257] type=1400 audit(1317808073.321:141): avc:  denied  { create } for  pid=7983 comm="nmbd" name="unexpected" scontext=system_u:system_r:nmbd_t:s0 tcontext=system_u:object_r:nmbd_var_run_t:s0 tclass=sock_file
Oct  5 13:47:53 localhost systemd[1]: PID 7983 read from file /run/nmbd.pid does not exist. Your service or init script might be broken.
Oct  5 13:47:53 localhost systemd[1]: nmb.service: main process exited, code=exited, status=1
Oct  5 13:47:53 localhost systemd[1]: Unit nmb.service entered failed state.

# ls -alZ /run/nmb*
-rw-r--r--. root root system_u:object_r:nmbd_var_run_t:s0 /run/nmbd.pid

/run/nmbd:
drwxr-xr-x. root root system_u:object_r:nmbd_var_run_t:s0 .
drwxr-xr-x. root root system_u:object_r:var_run_t:s0   ..