[CentOS-devel] Samba from SIG is broken - ?

Wed Jun 15 12:25:45 UTC 2022
Alexander Bokovoy <abokovoy at redhat.com>

On ke, 15 kesä 2022, lejeczek via CentOS-devel wrote:
>On 15/06/2022 08:58, Alexander Bokovoy wrote:
>>On ke, 15 kesä 2022, lejeczek via CentOS-devel wrote:
>>>Hi guys.
>>>I filed a bug report with RH's Bugzilla but nothing happened there 
>>>thus thought I'd let - if SIGs read this list - you guys know that 
>>>Samba 4.16 is broken, hard-crashes.
>>>For better picture - Samba is managed by IPA
>>What bug report? Can you point to it?
>>The only problem I know about is a missing SELinux policy extension 
>>samba-dcerpcd daemon which prevent ipasam module from loading.
>>samba-dcerpcd got a new SELinux context which is not allowed to do
>>anything that ipasam is supposed to do: read /etc/krb5.conf, 
>>openssl configuration, communicate with LDAP server, etc.
>>This is handled in 
>>for RHEL 9.1 (C9S) and in
>>https://bugzilla.redhat.com/show_bug.cgi?id=2096825 for RHEL 8.7 
>>A workaround is to put SELinux into permissive mode until SELinux 
>>would produce a fix -- or apply a local policy extension described 
>>the bugzillas.
>Pretty much the same as what I showed below, is in that BZ - 
>I did not think it had to do with SELinux, which I put into permissive 
>and still got a crash as below.
>Is not very critical as Samba from appstream repo (also 4.16) works, 
>only no gluster's libgfapi.

This one (from SIG) is built with embedded Samba libraries. It is
unsupported to mix system-provided and embedded libraries, so crash is
not surprising. Anoop and I talked and he is going to rethink CentOS
Stream repo design because the current one was done for pre-Stream state
of affairs when new Samba version was not available in CentOS before

Mixing this repo and IPA builds in CentOS Stream is not supported, to
make it clear. ;)

/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland