Bug 14917 - smbcontrol fails in SELinux Enforcing mode
Summary: smbcontrol fails in SELinux Enforcing mode
Status: RESOLVED MOVED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Other (show other bugs)
Version: 4.15.2
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-11-23 11:37 UTC by Denis Karpelevich
Modified: 2021-11-23 12:34 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Denis Karpelevich 2021-11-23 11:37:37 UTC
smbcontrol fails in SELinux Enforcing mode
 
Version information:
# cat /etc/fedora-release
Fedora release 35 (Thirty Five)
 
# rpm -q samba-common-tools selinux-policy
samba-common-tools-4.15.2-3.fc35.x86_64
selinux-policy-35.5-1.fc35.noarch
 
Steps to reproduce:
setenforce 1
dnf install samba-common-tools
smbcontrol all debug 100
 
Expected result: no error
Actual result: "ERROR: Could not determine network interfaces, you must use a interfaces config line"
 
Additional information:
# ausearch -m avc
time->Tue Nov 23 05:16:25 2021
type=AVC msg=audit(1637662585.880:491): avc:  denied  { create } for  pid=1665 comm="smbcontrol" scontext=unconfined_u:unconfined_r:smbcontrol_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:smbcontrol_t:s0-s0:c0.c1023 tclass=netlink_route_socket permissive=0

It works with setenforce 0 and on previous samba versions
Comment 1 Alexander Bokovoy 2021-11-23 11:52:26 UTC
Denis, this bug needs to be opened against selinux-policy project, not Samba. Samba does not own nor handle SELinux policy on its own. Instead, it relies on the selinux-policy project to provide common policy.
Comment 2 Alexander Bokovoy 2021-11-23 12:34:56 UTC
Ok, there is no bug for Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=2025931, we can close this one.