Andreas Schneider
2022-Nov-17 08:36 UTC
[Samba] Strange issue with Samba+CTDB+SELinux+GlusterFS
On Wednesday, 16 November 2022 23:40:03 CET Martin Schwenke wrote:> On Wed, 16 Nov 2022 11:41:37 +0100, Leszek Szczepanowski via samba > <samba at lists.samba.org> wrote: > > Time for a guess, so... > > [+Andreas] > > For Andreas' context, version is: > > samba-4.16.4-101.el9.x86_64 > > via CentOS Stream 9. > > > [...] > > [after few 4 minutes] log.samba-dcerpcd: > > [2022/11/16 11:32:05, 0] > > ../../source3/lib/dbwrap/dbwrap_ctdb.c:1926(db_open_ctdb) > > > > Could not open tdb /var/lib/ctdb/persistent/registry.tdb.0: Permission > > > > denied > > [2022/11/16 11:32:05, 0] > > ../../source3/lib/dbwrap/dbwrap_open.c:169(db_open) > > > > db_open: failed to attach to ctdb registry.tdb > > > > [2022/11/16 11:32:05, 0] > > ../../source3/lib/dbwrap/dbwrap_ctdb.c:1926(db_open_ctdb) > > > > Could not open tdb /var/lib/ctdb/persistent/registry.tdb.0: Permission > > > > denied > > [2022/11/16 11:32:05, 0] > > ../../source3/lib/dbwrap/dbwrap_open.c:169(db_open) > > > > db_open: failed to attach to ctdb registry.tdb > > > > [2022/11/16 11:32:05, 1] > > ../../source3/registry/reg_backend_db.c:759(regdb_init) > > > > regdb_init: Failed to open registry /var/lib/samba/registry.tdb > > > > (Permission denied) > > [2022/11/16 11:32:05, 0] > > ../../source3/registry/reg_init_basic.c:35(registry_init_common) > > > > Failed to initialize the registry: WERR_ACCESS_DENIED > > > > [2022/11/16 11:32:05, 1] > > ../../source3/param/loadparm.c:2157(lp_smbconf_ctx) > > > > error initializing registry configuration: SBC_ERR_BADFILE > > > > Can't load /etc/samba/smb.conf - run testparm to debug it > > samba-dcerpcd - Failed to load config file! > > [...] > > Data points: > > * samba-dcerpcd was added in 4.16.0, so is quite new > > * Anything that uses dbwrap when clustering/CTDB is enabled (smbd, > winbindd, ctdbd and, apparently, samba-dcerpcd) will need direct > access to the TDBs > > * It appears that only access from samba-dcerpcd is failing when > SELinux is enforcing > > Seems like a packaging bug, where all required access has not been > configured for samba-dcerpcd in the SELinux magic?Please open a bug at Red Hat's bugzilla against the selinux-policy component. Thanks Andreas -- Andreas Schneider asn at samba.org Samba Team www.samba.org GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
Leszek Szczepanowski
2022-Nov-17 09:25 UTC
[Samba] Strange issue with Samba+CTDB+SELinux+GlusterFS
Hi, Morning, Martin - shall I deliver some more logs here? Would you be so kind and open a bug, as I'm not too familiar with reporting such bugs, please? Leszek czw., 17 lis 2022 o 09:36 Andreas Schneider <asn at samba.org> napisa?(a):> On Wednesday, 16 November 2022 23:40:03 CET Martin Schwenke wrote: > > On Wed, 16 Nov 2022 11:41:37 +0100, Leszek Szczepanowski via samba > > <samba at lists.samba.org> wrote: > > > > Time for a guess, so... > > > > [+Andreas] > > > > For Andreas' context, version is: > > > samba-4.16.4-101.el9.x86_64 > > > > via CentOS Stream 9. > > > > > [...] > > > [after few 4 minutes] log.samba-dcerpcd: > > > [2022/11/16 11:32:05, 0] > > > ../../source3/lib/dbwrap/dbwrap_ctdb.c:1926(db_open_ctdb) > > > > > > Could not open tdb /var/lib/ctdb/persistent/registry.tdb.0: > Permission > > > > > > denied > > > [2022/11/16 11:32:05, 0] > > > ../../source3/lib/dbwrap/dbwrap_open.c:169(db_open) > > > > > > db_open: failed to attach to ctdb registry.tdb > > > > > > [2022/11/16 11:32:05, 0] > > > ../../source3/lib/dbwrap/dbwrap_ctdb.c:1926(db_open_ctdb) > > > > > > Could not open tdb /var/lib/ctdb/persistent/registry.tdb.0: > Permission > > > > > > denied > > > [2022/11/16 11:32:05, 0] > > > ../../source3/lib/dbwrap/dbwrap_open.c:169(db_open) > > > > > > db_open: failed to attach to ctdb registry.tdb > > > > > > [2022/11/16 11:32:05, 1] > > > ../../source3/registry/reg_backend_db.c:759(regdb_init) > > > > > > regdb_init: Failed to open registry /var/lib/samba/registry.tdb > > > > > > (Permission denied) > > > [2022/11/16 11:32:05, 0] > > > ../../source3/registry/reg_init_basic.c:35(registry_init_common) > > > > > > Failed to initialize the registry: WERR_ACCESS_DENIED > > > > > > [2022/11/16 11:32:05, 1] > > > ../../source3/param/loadparm.c:2157(lp_smbconf_ctx) > > > > > > error initializing registry configuration: SBC_ERR_BADFILE > > > > > > Can't load /etc/samba/smb.conf - run testparm to debug it > > > samba-dcerpcd - Failed to load config file! > > > [...] > > > > Data points: > > > > * samba-dcerpcd was added in 4.16.0, so is quite new > > > > * Anything that uses dbwrap when clustering/CTDB is enabled (smbd, > > winbindd, ctdbd and, apparently, samba-dcerpcd) will need direct > > access to the TDBs > > > > * It appears that only access from samba-dcerpcd is failing when > > SELinux is enforcing > > > > Seems like a packaging bug, where all required access has not been > > configured for samba-dcerpcd in the SELinux magic? > > Please open a bug at Red Hat's bugzilla against the selinux-policy > component. > > Thanks > > > Andreas > > -- > Andreas Schneider asn at samba.org > Samba Team www.samba.org > GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D > > >-- -- Leszek A. Szczepanowski twinsen at mspanc.net