[Samba] Strange issue with Samba+CTDB+SELinux+GlusterFS

Andreas Schneider asn at samba.org
Thu Nov 17 08:36:25 UTC 2022 

On Wednesday, 16 November 2022 23:40:03 CET Martin Schwenke wrote:
> On Wed, 16 Nov 2022 11:41:37 +0100, Leszek Szczepanowski via samba
> <samba at lists.samba.org> wrote:
> 
> Time for a guess, so...
> 
> [+Andreas]
> 
> For Andreas' context, version is:
> > samba-4.16.4-101.el9.x86_64
> 
> via CentOS Stream 9.
> 
> > [...]
> > [after few 4 minutes] log.samba-dcerpcd:
> > [2022/11/16 11:32:05,  0]
> > ../../source3/lib/dbwrap/dbwrap_ctdb.c:1926(db_open_ctdb)
> > 
> >   Could not open tdb /var/lib/ctdb/persistent/registry.tdb.0: Permission
> > 
> > denied
> > [2022/11/16 11:32:05,  0]
> > ../../source3/lib/dbwrap/dbwrap_open.c:169(db_open)
> > 
> >   db_open: failed to attach to ctdb registry.tdb
> > 
> > [2022/11/16 11:32:05,  0]
> > ../../source3/lib/dbwrap/dbwrap_ctdb.c:1926(db_open_ctdb)
> > 
> >   Could not open tdb /var/lib/ctdb/persistent/registry.tdb.0: Permission
> > 
> > denied
> > [2022/11/16 11:32:05,  0]
> > ../../source3/lib/dbwrap/dbwrap_open.c:169(db_open)
> > 
> >   db_open: failed to attach to ctdb registry.tdb
> > 
> > [2022/11/16 11:32:05,  1]
> > ../../source3/registry/reg_backend_db.c:759(regdb_init)
> > 
> >   regdb_init: Failed to open registry /var/lib/samba/registry.tdb
> > 
> > (Permission denied)
> > [2022/11/16 11:32:05,  0]
> > ../../source3/registry/reg_init_basic.c:35(registry_init_common)
> > 
> >   Failed to initialize the registry: WERR_ACCESS_DENIED
> > 
> > [2022/11/16 11:32:05,  1]
> > ../../source3/param/loadparm.c:2157(lp_smbconf_ctx)
> > 
> >   error initializing registry configuration: SBC_ERR_BADFILE
> > 
> > Can't load /etc/samba/smb.conf - run testparm to debug it
> > samba-dcerpcd - Failed to load config file!
> > [...]
> 
> Data points:
> 
> * samba-dcerpcd was added in 4.16.0, so is quite new
> 
> * Anything that uses dbwrap when clustering/CTDB is enabled (smbd,
>   winbindd, ctdbd and, apparently, samba-dcerpcd) will need direct
>   access to the TDBs
> 
> * It appears that only access from samba-dcerpcd is failing when
>   SELinux is enforcing
> 
> Seems like a packaging bug, where all required access has not been
> configured for samba-dcerpcd in the SELinux magic?

Please open a bug at Red Hat's bugzilla against the selinux-policy component.

Thanks


	Andreas

-- 
Andreas Schneider                      asn at samba.org
Samba Team                             www.samba.org
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D

More information about the samba mailing list