[CentOS-devel] Samba from SIG is broken - ?

Wed Jun 15 18:24:12 UTC 2022
lejeczek <peljasz at yahoo.co.uk>


On 15/06/2022 13:25, Alexander Bokovoy wrote:
> On ke, 15 kesä 2022, lejeczek via CentOS-devel wrote:
>>
>>
>> On 15/06/2022 08:58, Alexander Bokovoy wrote:
>>> On ke, 15 kesä 2022, lejeczek via CentOS-devel wrote:
>>>> Hi guys.
>>>>
>>>> I filed a bug report with RH's Bugzilla but nothing 
>>>> happened there thus thought I'd let - if SIGs read this 
>>>> list - you guys know that Samba 4.16 is broken, 
>>>> hard-crashes.
>>>> For better picture - Samba is managed by IPA
>>>
>>> What bug report? Can you point to it?
>>>
>>> The only problem I know about is a missing SELinux 
>>> policy extension for
>>> samba-dcerpcd daemon which prevent ipasam module from 
>>> loading.
>>> samba-dcerpcd got a new SELinux context which is not 
>>> allowed to do
>>> anything that ipasam is supposed to do: read 
>>> /etc/krb5.conf, initialize
>>> openssl configuration, communicate with LDAP server, etc.
>>>
>>> This is handled in 
>>> https://bugzilla.redhat.com/show_bug.cgi?id=2096521
>>> for RHEL 9.1 (C9S) and in
>>> https://bugzilla.redhat.com/show_bug.cgi?id=2096825 for 
>>> RHEL 8.7 (C8S).
>>>
>>> A workaround is to put SELinux into permissive mode 
>>> until SELinux folks
>>> would produce a fix -- or apply a local policy extension 
>>> described in
>>> the bugzillas.
>>>
>> Pretty much the same as what I showed below, is in that 
>> BZ - https://bugzilla.redhat.com/show_bug.cgi?id=2094975
>> I did not think it had to do with SELinux, which I put 
>> into permissive and still got a crash as below.
>> Is not very critical as Samba from appstream repo (also 
>> 4.16) works, only no gluster's libgfapi.
>
> This one (from SIG) is built with embedded Samba 
> libraries. It is
> unsupported to mix system-provided and embedded libraries, 
> so crash is
> not surprising. Anoop and I talked and he is going to 
> rethink CentOS
> Stream repo design because the current one was done for 
> pre-Stream state
> of affairs when new Samba version was not available in 
> CentOS before
> RHEL GA.
>
> Mixing this repo and IPA builds in CentOS Stream is not 
> supported, to
> make it clear. ;)
>
Well, it worked well and yes with IPA, all the time I can 
remember with c8 and recently with c8s as well, well.
Issues I have plus others I know, is that Gluster libgfapi 
is absent in baseos/default repo Samba.

thanks, L