[Samba] Samba 4.12 SELinux context /var/run
Karolin Seeger
kseeger at samba.org
Mon Apr 6 06:05:01 UTC 2020
Hello Tobias,
Am 04.04.20 um 14:45 schrieb Tobias Kirchhofer via samba:
> On 3 Apr 2020, at 21:53, Rowland penny via samba wrote:
>
>> On 03/04/2020 20:34, Tobias Kirchhofer via samba wrote:
>>> Hi, since 4.12 Samba SELinux context for /var/run/samba is not
>>> correct anymore:
>>>
>>> ```
>>> root at files:~ # ls -la -Z /var/run/samba/
>>> total 12
>>> drwxr-xr-x. 5 root root system_u:object_r:var_run_t:s0 160 Apr 3
>>> 20:42 .
>>> drwxr-xr-x. 30 root root system_u:object_r:var_run_t:s0 1000 Apr 3
>>> 18:39 ..
>>> drwxr-xr-x. 3 root root system_u:object_r:var_run_t:s0 60 Apr 3
>>> 18:39 ncalrpc
>>> drwxr-xr-x. 2 root root system_u:object_r:var_run_t:s0 60 Apr 3
>>> 18:39 nmbd
>>> -rw-r--r--. 1 root root system_u:object_r:var_run_t:s0 5 Apr 3
>>> 18:39 nmbd.pid
>>> -rw-r--r--. 1 root root system_u:object_r:var_run_t:s0 5 Apr 3
>>> 18:39 smbd.pid
>>> drwxr-xr-x. 2 root root system_u:object_r:var_run_t:s0 60 Apr 3
>>> 20:42 winbindd
>>> -rw-r--r--. 1 root root system_u:object_r:var_run_t:s0 5 Apr 3
>>> 20:42 winbindd.pid
>>> ```
>>>
>>> Remote ssh login via winbind/pam-auth is not working anymore cause
>>> sshd wants to access /var/run/samba/winbindd/pipe
>>>
>>> `preventing /usr/sbin/sshd from getattr access on the sock_file
>>> /run/samba/winbindd/pipe`
>>>
>>>
>>> Could this be fixed in 4.12.1? Meanwhile we set SELinux permissive.
>>>
>>> Tobias
>>>
>> Sorry Tobias, but Samba does not supply the Selinux context, I suggest
>> you contact your Samba packages supplier, which is usually your OS.
>>
>> Rowland
>
> Thank you Rowland for setting me on the right track :) I had Sernet as
> target group in mind when i wrote the post. With updating to 4.12
> SELinux permissions changed. They have a wrapper to start services. My
> thought was that something changed at startup of winbindd.
>
> Sernet does not have a direct mailinglist, or?
You can contact us directly via samba at sernet.de. Thanks for the report,
we will have a look and get back to you!
Cheers,
Karolin
--
Karolin Seeger https://samba.org/~kseeger/
Release Manager Samba Team https://samba.org
Team Lead Samba SerNet https://sernet.de
More information about the samba
mailing list