On ke, 15 kesä 2022, lejeczek via CentOS-devel wrote:
On 15/06/2022 08:58, Alexander Bokovoy wrote:
On ke, 15 kesä 2022, lejeczek via CentOS-devel wrote:
Hi guys.
I filed a bug report with RH's Bugzilla but nothing happened there thus thought I'd let - if SIGs read this list - you guys know that Samba 4.16 is broken, hard-crashes. For better picture - Samba is managed by IPA
What bug report? Can you point to it?
The only problem I know about is a missing SELinux policy extension for samba-dcerpcd daemon which prevent ipasam module from loading. samba-dcerpcd got a new SELinux context which is not allowed to do anything that ipasam is supposed to do: read /etc/krb5.conf, initialize openssl configuration, communicate with LDAP server, etc.
This is handled in https://bugzilla.redhat.com/show_bug.cgi?id=2096521 for RHEL 9.1 (C9S) and in https://bugzilla.redhat.com/show_bug.cgi?id=2096825 for RHEL 8.7 (C8S).
A workaround is to put SELinux into permissive mode until SELinux folks would produce a fix -- or apply a local policy extension described in the bugzillas.
Pretty much the same as what I showed below, is in that BZ - https://bugzilla.redhat.com/show_bug.cgi?id=2094975 I did not think it had to do with SELinux, which I put into permissive and still got a crash as below. Is not very critical as Samba from appstream repo (also 4.16) works, only no gluster's libgfapi.
This one (from SIG) is built with embedded Samba libraries. It is unsupported to mix system-provided and embedded libraries, so crash is not surprising. Anoop and I talked and he is going to rethink CentOS Stream repo design because the current one was done for pre-Stream state of affairs when new Samba version was not available in CentOS before RHEL GA.
Mixing this repo and IPA builds in CentOS Stream is not supported, to make it clear. ;)