On ke, 15 kesä 2022, lejeczek via CentOS-devel wrote: > > >On 15/06/2022 08:58, Alexander Bokovoy wrote: >>On ke, 15 kesä 2022, lejeczek via CentOS-devel wrote: >>>Hi guys. >>> >>>I filed a bug report with RH's Bugzilla but nothing happened there >>>thus thought I'd let - if SIGs read this list - you guys know that >>>Samba 4.16 is broken, hard-crashes. >>>For better picture - Samba is managed by IPA >> >>What bug report? Can you point to it? >> >>The only problem I know about is a missing SELinux policy extension >>for >>samba-dcerpcd daemon which prevent ipasam module from loading. >>samba-dcerpcd got a new SELinux context which is not allowed to do >>anything that ipasam is supposed to do: read /etc/krb5.conf, >>initialize >>openssl configuration, communicate with LDAP server, etc. >> >>This is handled in >>https://bugzilla.redhat.com/show_bug.cgi?id=2096521 >>for RHEL 9.1 (C9S) and in >>https://bugzilla.redhat.com/show_bug.cgi?id=2096825 for RHEL 8.7 >>(C8S). >> >>A workaround is to put SELinux into permissive mode until SELinux >>folks >>would produce a fix -- or apply a local policy extension described >>in >>the bugzillas. >> >Pretty much the same as what I showed below, is in that BZ - >https://bugzilla.redhat.com/show_bug.cgi?id=2094975 >I did not think it had to do with SELinux, which I put into permissive >and still got a crash as below. >Is not very critical as Samba from appstream repo (also 4.16) works, >only no gluster's libgfapi. This one (from SIG) is built with embedded Samba libraries. It is unsupported to mix system-provided and embedded libraries, so crash is not surprising. Anoop and I talked and he is going to rethink CentOS Stream repo design because the current one was done for pre-Stream state of affairs when new Samba version was not available in CentOS before RHEL GA. Mixing this repo and IPA builds in CentOS Stream is not supported, to make it clear. ;) -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland