[Samba] Strange issue with Samba+CTDB+SELinux+GlusterFS
Andreas Schneider
asn at samba.org
Thu Nov 17 08:36:25 UTC 2022
On Wednesday, 16 November 2022 23:40:03 CET Martin Schwenke wrote:
> On Wed, 16 Nov 2022 11:41:37 +0100, Leszek Szczepanowski via samba
> <samba at lists.samba.org> wrote:
>
> Time for a guess, so...
>
> [+Andreas]
>
> For Andreas' context, version is:
> > samba-4.16.4-101.el9.x86_64
>
> via CentOS Stream 9.
>
> > [...]
> > [after few 4 minutes] log.samba-dcerpcd:
> > [2022/11/16 11:32:05, 0]
> > ../../source3/lib/dbwrap/dbwrap_ctdb.c:1926(db_open_ctdb)
> >
> > Could not open tdb /var/lib/ctdb/persistent/registry.tdb.0: Permission
> >
> > denied
> > [2022/11/16 11:32:05, 0]
> > ../../source3/lib/dbwrap/dbwrap_open.c:169(db_open)
> >
> > db_open: failed to attach to ctdb registry.tdb
> >
> > [2022/11/16 11:32:05, 0]
> > ../../source3/lib/dbwrap/dbwrap_ctdb.c:1926(db_open_ctdb)
> >
> > Could not open tdb /var/lib/ctdb/persistent/registry.tdb.0: Permission
> >
> > denied
> > [2022/11/16 11:32:05, 0]
> > ../../source3/lib/dbwrap/dbwrap_open.c:169(db_open)
> >
> > db_open: failed to attach to ctdb registry.tdb
> >
> > [2022/11/16 11:32:05, 1]
> > ../../source3/registry/reg_backend_db.c:759(regdb_init)
> >
> > regdb_init: Failed to open registry /var/lib/samba/registry.tdb
> >
> > (Permission denied)
> > [2022/11/16 11:32:05, 0]
> > ../../source3/registry/reg_init_basic.c:35(registry_init_common)
> >
> > Failed to initialize the registry: WERR_ACCESS_DENIED
> >
> > [2022/11/16 11:32:05, 1]
> > ../../source3/param/loadparm.c:2157(lp_smbconf_ctx)
> >
> > error initializing registry configuration: SBC_ERR_BADFILE
> >
> > Can't load /etc/samba/smb.conf - run testparm to debug it
> > samba-dcerpcd - Failed to load config file!
> > [...]
>
> Data points:
>
> * samba-dcerpcd was added in 4.16.0, so is quite new
>
> * Anything that uses dbwrap when clustering/CTDB is enabled (smbd,
> winbindd, ctdbd and, apparently, samba-dcerpcd) will need direct
> access to the TDBs
>
> * It appears that only access from samba-dcerpcd is failing when
> SELinux is enforcing
>
> Seems like a packaging bug, where all required access has not been
> configured for samba-dcerpcd in the SELinux magic?
Please open a bug at Red Hat's bugzilla against the selinux-policy component.
Thanks
Andreas
--
Andreas Schneider asn at samba.org
Samba Team www.samba.org
GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
More information about the samba
mailing list