[Samba] Samba 4.12 SELinux context /var/run
Rowland penny
rpenny at samba.org
Fri Apr 3 19:53:11 UTC 2020
On 03/04/2020 20:34, Tobias Kirchhofer via samba wrote:
> Hi, since 4.12 Samba SELinux context for /var/run/samba is not correct
> anymore:
>
> ```
> root at files:~ # ls -la -Z /var/run/samba/
> total 12
> drwxr-xr-x. 5 root root system_u:object_r:var_run_t:s0 160 Apr 3
> 20:42 .
> drwxr-xr-x. 30 root root system_u:object_r:var_run_t:s0 1000 Apr 3
> 18:39 ..
> drwxr-xr-x. 3 root root system_u:object_r:var_run_t:s0 60 Apr 3
> 18:39 ncalrpc
> drwxr-xr-x. 2 root root system_u:object_r:var_run_t:s0 60 Apr 3
> 18:39 nmbd
> -rw-r--r--. 1 root root system_u:object_r:var_run_t:s0 5 Apr 3
> 18:39 nmbd.pid
> -rw-r--r--. 1 root root system_u:object_r:var_run_t:s0 5 Apr 3
> 18:39 smbd.pid
> drwxr-xr-x. 2 root root system_u:object_r:var_run_t:s0 60 Apr 3
> 20:42 winbindd
> -rw-r--r--. 1 root root system_u:object_r:var_run_t:s0 5 Apr 3
> 20:42 winbindd.pid
> ```
>
> Remote ssh login via winbind/pam-auth is not working anymore cause
> sshd wants to access /var/run/samba/winbindd/pipe
>
> `preventing /usr/sbin/sshd from getattr access on the sock_file
> /run/samba/winbindd/pipe`
>
>
> Could this be fixed in 4.12.1? Meanwhile we set SELinux permissive.
>
> Tobias
>
Sorry Tobias, but Samba does not supply the Selinux context, I suggest
you contact your Samba packages supplier, which is usually your OS.
Rowland
More information about the samba
mailing list