Created attachment 16797
sample log.smbd when running AD-DC in a LXC container

When running an AD-DC in a LXC container (Proxmox PVE 6.4-13), smbd panics and dumps core every minute or so:

-----------------------------------------------------------
[2021/09/03 19:45:08.216929, 0] ../../lib/util/fault.c:173(smb_panic_log)
  INTERNAL ERROR: sys_setgroups failed in pid 1373 (4.14.7)
[2021/09/03 19:45:08.217030, 0] ../../lib/util/fault.c:177(smb_panic_log)
  If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
[2021/09/03 19:45:08.217146, 0] ../../lib/util/fault.c:182(smb_panic_log)
  ===============================================================
[2021/09/03 19:45:08.217250, 0] ../../lib/util/fault.c:183(smb_panic_log)
  PANIC (pid 1373): sys_setgroups failed in 4.14.7
-----------------------------------------------------------

See the attached sample of /var/log/samba/log.smbd for more details.

Additional information:

[root@sdch ~]# uname -a
Linux sdch 5.4.128-1-pve #1 SMP PVE 5.4.128-1 (Wed, 21 Jul 2021 18:32:02 +0200) x86_64 GNU/Linux

[root@sdch ~]# samba -V
Version 4.14.7

The OS is Arch Linux, up-to-date as of September 4, 2021.

This issue is not observed on a member server that is part of the same AD running in a LXC container.

This issue is not observed when an AD-DC runs in a VM on the same Proxmox PVE host.

In other words, the issue appears to be specific only to DCs running in a LXC container.

A somewhat similar issue was described in 2016:
https://techblog.devlat.eu/2016/10/05/ubuntu-lxd-samba-and-the-dreaded-sys_setgroups-failed-error/

However, unlike in that report, changing the contents of /etc/subuid and /etc/subgid from "root:100000:65536" to "root:100000:10000000" did not fix the issue.

We have to have a working setgroups() in order to set our security context. What are the differences in semantics in setgroups() when running in an LXC container?
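
Added example (not part of the bug thread and not Samba code): inside a user namespace, setgroups() returns EINVAL if any requested gid has no mapping in /proc/self/gid_map, and EPERM if /proc/self/setgroups reads "deny". /etc/subgid only delegates ranges on the host; the map the kernel actually applies is the one in /proc/self/gid_map. This diagnostic prints both files and reports whether the gids given as arguments are mapped; the function names are hypothetical.

```c
/* Added diagnostic example: check gids against this namespace's gid_map. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Each gid_map line is "<first-gid-inside> <first-gid-outside> <count>".
 * Returns 1 if gid is covered by a line, 0 if not, -1 if the text is malformed. */
int gid_is_mapped(const char *map, unsigned long gid)
{
    const char *p = map;
    for (;;) {
        unsigned long inside, outside, count;
        int used = 0;
        while (isspace((unsigned char)*p))
            p++;
        if (!*p)
            return 0;               /* end of map, no extent matched */
        if (sscanf(p, "%lu %lu %lu%n", &inside, &outside, &count, &used) != 3)
            return -1;
        if (gid >= inside && gid - inside < count)
            return 1;
        p += used;
    }
}

/* Read a small /proc file into buf as a NUL-terminated string. */
static int slurp(const char *path, char *buf, size_t len)
{
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    size_t n = fread(buf, 1, len - 1, f);
    buf[n] = '\0';
    fclose(f);
    return 0;
}

int main(int argc, char **argv)
{
    char map[16384], sg[16] = "";
    int bad = 0;
    if (slurp("/proc/self/gid_map", map, sizeof map) != 0) { perror("gid_map"); return 2; }
    slurp("/proc/self/setgroups", sg, sizeof sg);  /* "allow" or "deny"; absent before Linux 3.19 */
    printf("setgroups: %s%s", sg[0] ? sg : "(unavailable)\n", map);
    for (int i = 1; i < argc; i++) {
        int ok = gid_is_mapped(map, strtoul(argv[i], NULL, 10));
        printf("gid %s: %s\n", argv[i], ok == 1 ? "mapped" : "NOT mapped");
        bad |= (ok != 1);
    }
    return bad;
}
```

Run it inside the container, passing the numeric gids of an affected account as arguments; a non-zero exit status means at least one gid is not covered by the map.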