[Samba] Samba 4.12 SELinux context /var/run

Tobias Kirchhofer collect at shift.agency
Fri Apr 3 19:34:48 UTC 2020


Hi, since 4.12 the Samba SELinux context for /var/run/samba is not correct anymore:

```
root@files:~ # ls -la -Z /var/run/samba/
total 12
drwxr-xr-x.  5 root root system_u:object_r:var_run_t:s0  160 Apr  3 20:42 .
drwxr-xr-x. 30 root root system_u:object_r:var_run_t:s0 1000 Apr  3 18:39 ..
drwxr-xr-x.  3 root root system_u:object_r:var_run_t:s0   60 Apr  3 18:39 ncalrpc
drwxr-xr-x.  2 root root system_u:object_r:var_run_t:s0   60 Apr  3 18:39 nmbd
-rw-r--r--.  1 root root system_u:object_r:var_run_t:s0    5 Apr  3 18:39 nmbd.pid
-rw-r--r--.  1 root root system_u:object_r:var_run_t:s0    5 Apr  3 18:39 smbd.pid
drwxr-xr-x.  2 root root system_u:object_r:var_run_t:s0   60 Apr  3 20:42 winbindd
-rw-r--r--.  1 root root system_u:object_r:var_run_t:s0    5 Apr  3 20:42 winbindd.pid
```

Remote ssh login via winbind/pam-auth is not working anymore because sshd wants to access /var/run/samba/winbindd/pipe:

`preventing /usr/sbin/sshd from getattr access on the sock_file /run/samba/winbindd/pipe`


Could this be fixed in 4.12.1? Meanwhile we set SELinux permissive.

Tobias

-- 
collect at shift.agency
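
An added example, not part of the original message: a check that flags entries in `ls -Z` output still carrying only the generic `var_run_t` type, plus a dry-run `restorecon` that shows what the loaded policy expects without relabelling anything. The sample listing is constructed after the one in the message, and the `winbind_var_run_t` label on its `pipe` entry is an assumption about the policy's type name.

```shell
#!/bin/sh
# Added example: find runtime files that never received a Samba-specific label.

# Constructed sample shaped like the listing in the message (one entry per line).
# The last entry's type (winbind_var_run_t) is an assumed, correctly labelled case.
sample_listing() {
cat <<'EOF'
total 12
drwxr-xr-x.  5 root root system_u:object_r:var_run_t:s0  160 Apr  3 20:42 .
drwxr-xr-x. 30 root root system_u:object_r:var_run_t:s0 1000 Apr  3 18:39 ..
drwxr-xr-x.  2 root root system_u:object_r:var_run_t:s0   60 Apr  3 20:42 winbindd
-rw-r--r--.  1 root root system_u:object_r:var_run_t:s0    5 Apr  3 20:42 winbindd.pid
srwxrwxrwx.  1 root root system_u:object_r:winbind_var_run_t:s0 0 Apr  3 20:42 pipe
EOF
}

# Read `ls -la -Z` lines on stdin and print "name type" for every entry whose
# SELinux type equals $1 (default: var_run_t). The "total" line, "." and ".."
# are skipped. File names containing spaces are not handled.
generic_labelled() {
    want=${1:-var_run_t}
    awk -v want="$want" '
        NF >= 10 {
            n = split($5, ctx, ":")          # user:role:type:level[:categories]
            name = $NF
            if (n >= 3 && ctx[3] == want && name != "." && name != "..")
                print name, ctx[3]
        }'
}

# On a live SELinux host: list the relabels the loaded policy would apply.
# -n makes this a dry run, so nothing on disk is changed.
check_live() {
    dir=${1:-/var/run/samba}
    command -v restorecon >/dev/null 2>&1 || {
        echo "restorecon not found" >&2
        return 2
    }
    restorecon -R -n -v "$dir"
}

# Stand-alone run over the constructed sample.
sample_listing | generic_labelled
```

On an affected host, `ls -la -Z /var/run/samba/ | generic_labelled` lists the mislabelled entries, and `check_live` shows whether the policy's file contexts still match the path.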

