[Samba] SELinux Issue: unix_dgram_socket

Robert Buck robert.buck at som.com
Mon Mar 8 20:24:23 UTC 2021


Hi Folks

Just wanted to pass this by you to see if anyone else running on Red
Hat Enterprise Linux has run into this SELinux issue before. The issue is this
sort of message in syslog:

Mar  8 16:28:15 use1-samba-server-s01-use1-01 setroubleshoot[3060874]:
SELinux is preventing /usr/sbin/winbindd from sendto access on the
unix_dgram_socket /var/lib/samba/private/msg.sock/3060870. For complete
SELinux messages run: sealert -l a77de726-5087-4302-9cc2-5b663a849ef6

The solution, we think, may be to add this policy. But can someone confirm
this, or help me find a better solution?

module winbindd_unix_dgram_socket 1.0;

require {
    type unconfined_service_t;
    type winbind_t;
    class unix_dgram_socket sendto;
}

#============= winbind_t ==============
allow winbind_t unconfined_service_t:unix_dgram_socket sendto;

But I am a little confused by the *unconfined_service_t* type.

Any opinions?

Thank you

-- 

BOB BUCK
SENIOR PLATFORM SOFTWARE ENGINEER

SKIDMORE, OWINGS & MERRILL
7 WORLD TRADE CENTER
250 GREENWICH STREET
NEW YORK, NY 10007
T  (212) 298-9624
ROBERT.BUCK at SOM.COM
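
An added example, not part of the original message: a Python check that parses the posted module, flags an allow rule whose target is an unconfined domain, and pulls the PID out of the msg.sock path in the denial so the process that owns the socket can be identified. The function names are this example's own; the module and denial text are copied from the message above.

```python
import re

# The module as posted in the message above.
MODULE = """\
module winbindd_unix_dgram_socket 1.0;
require {
    type unconfined_service_t;
    type winbind_t;
    class unix_dgram_socket sendto;
}
#============= winbind_t ==============
allow winbind_t unconfined_service_t:unix_dgram_socket sendto;
"""
# The denial text from the syslog line above, joined onto one line.
DENIAL = ("SELinux is preventing /usr/sbin/winbindd from sendto access on the "
          "unix_dgram_socket /var/lib/samba/private/msg.sock/3060870.")

TYPE_RE = re.compile(r"^\s*type\s+(\w+)\s*;", re.M)
ALLOW_RE = re.compile(r"^\s*allow\s+(\w+)\s+(\w+):(\w+)\s+(\{[^}]*\}|\w+)\s*;", re.M)


def parse_module(text):
    """Return (types declared in require, allow rules) from .te source."""
    rules = [{"source": s, "target": t, "class": c,
              "perms": p.strip("{} ").split()}
             for s, t, c, p in ALLOW_RE.findall(text)]
    return set(TYPE_RE.findall(text)), rules


def review(text):
    """List points to check before compiling and loading the module."""
    declared, rules = parse_module(text)
    findings = []
    for r in rules:
        for name in (r["source"], r["target"]):
            if name != "self" and name not in declared:
                findings.append(f"{name}: used but not declared in require")
        if r["target"].startswith("unconfined"):
            findings.append(f"{r['source']} -> {r['target']}: target is an "
                            "unconfined domain, so the rule covers every "
                            "process labelled with it, not one daemon")
    return findings


def socket_owner_pid(denial):
    """PID in the msg.sock path; Samba names each messaging socket by PID."""
    m = re.search(r"/msg\.sock/(\d+)", denial)
    return int(m.group(1)) if m else None


if __name__ == "__main__":
    print(socket_owner_pid(DENIAL), review(MODULE))
```

While the process with the extracted PID is still running, `ps -Z -p <pid>` shows the SELinux context it runs under, which is the label the denial was checked against.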

