winbind missing selinux policy in fed 27?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi, 
I was wondering if winbind package has a default policy included in Fedora 27?
In permissive mode it works as below:

winbind.service - Samba Winbind Daemon
   Loaded: loaded (/usr/lib/systemd/system/winbind.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2017-10-03 08:16:09 CDT; 5h 17min ago
 Main PID: 1009 (winbindd)
   Status: "winbindd: ready to serve connections..."
    Tasks: 4 (limit: 4915)
   CGroup: /system.slice/winbind.service
           ├─1009 /usr/sbin/winbindd
           ├─1010 /usr/sbin/winbindd
           ├─1066 /usr/sbin/winbindd
           └─1068 /usr/sbin/winbindd


But in Enforcing Mode does not:

[root@fedmember1 ~]# systemctl stop winbind
[root@fedmember1 ~]# setenforce 1
[root@fedmember1 ~]# systemctl start winbind
Job for winbind.service failed because the control process exited with error code.
See "systemctl  status winbind.service" and "journalctl  -xe" for details.


Oct 03 08:07:20 fedmember1 winbindd[685]:   tdb(/var/lib/samba/private/netlogon_creds_cli.tdb): tdb_open_ex: tdb_new_database failed for /var/lib/samba/private/netlogon_creds_cli.tdb: Permission denied
Oct 03 08:07:20 fedmember1 winbindd[685]: [2017/10/03 08:07:20.664239,  0] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log)
Oct 03 08:07:20 fedmember1 audit[685]: AVC avc:  denied  { map } for  pid=685 comm="winbindd" path="/var/lib/samba/private/netlogon_creds_cli.tdb" dev="dm-0" ino=137059 scontext=system_u:system_r:winbind_t:s0 tcontext=unconfined_u:object_r:samba_var_t:s0 tclass=file permissive=0
Oct 03 08:07:20 fedmember1 audit[685]: AVC avc:  denied  { map } for  pid=685 comm="winbindd" path="/var/lib/samba/private/secrets.tdb" dev="dm-0" ino=137051 scontext=system_u:system_r:winbind_t:s0 tcontext=unconfined_u:object_r:samba_var_t:s0 tclass=file permissive=0
Oct 03 08:07:20 fedmember1 audit[685]: AVC avc:  denied  { map } for  pid=685 comm="winbindd" path="/var/lib/samba/lock/names.tdb" dev="dm-0" ino=137022 scontext=system_u:system_r:winbind_t:s0 tcontext=unconfined_u:object_r:samba_var_t:s0 tclass=file permissive=0

Any hints are welcome how to fix it

Thank you
Lin
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux