[Samba] Access Problems after Update 4.13.13 to 4.17.10
Michael Tokarev
mjt at tls.msk.ru
Fri Sep 8 12:30:16 UTC 2023
08.09.2023 15:18, Achim Gottinger via samba:
> 4.17:
>
> chdir("/data/data") = 0
> stat(".", {st_mode=S_IFDIR|0777, st_size=3, ...}) = 0
> stat("/data/data", {st_mode=S_IFDIR|0777, st_size=3, ...}) = 0
> openat2(AT_FDCWD, "Neuer Ordner", {flags=O_RDONLY|O_NOFOLLOW|O_PATH|O_DIRECTORY, resolve=RESOLVE_NO_SYMLINKS}, 24) = -1 EPERM (Die Operation ist nicht erlaubt)
...
> Which lead to this bug report
> https://github.com/containers/crun/issues/545 Fallback from openat2 to openat under systemd-nspawn
Wow. Now that's.. gross..
I wonder why it all Just Works here (be it 4.17 or 4.18), - *all* our
samba installations are running within nspawn containers without any
extra permissions.
It seems that currently, this filter is only enabled when
RestrictSUIDSGID is true. Or maybe I'm wrong.
/mjt
More information about the samba
mailing list