The following tests are failing due to an AVC when calling tasks.establish_trust_with_ad: - test_http_kdc_proxy.py::TestHttpKdcProxy::test_user_login_on_client_without_firewall - test_idviews.py::TestCertsInIDOverrides::test_certs_in_idoverrides_ad_users - test_ipahealthcheck.py::TestIpaHealthCheckWithADtrust::test_ipahealthcheck_trust_domainscheck - test_smb.py::TestSMB::test_samba_uninstallation_without_installation - test_sssd.py::TestSSSDWithAdTrust::test_auth_cache_disabled_by_default - test_trust.py::TestTrust::test_establish_forest_trust_with_shared_secret - test_winsyncmigrate.py::TestWinsyncMigrate::test_migration
test_http_kdc_proxy.py::TestHttpKdcProxy::test_user_login_on_client_without_firewall
test_idviews.py::TestCertsInIDOverrides::test_certs_in_idoverrides_ad_users
test_ipahealthcheck.py::TestIpaHealthCheckWithADtrust::test_ipahealthcheck_trust_domainscheck
test_smb.py::TestSMB::test_samba_uninstallation_without_installation
test_sssd.py::TestSSSDWithAdTrust::test_auth_cache_disabled_by_default
test_trust.py::TestTrust::test_establish_forest_trust_with_shared_secret
test_winsyncmigrate.py::TestWinsyncMigrate::test_migration
The method tasks.establish_trust_with_ad is failng in a call to smbcontrol because of an AVC:
tasks.establish_trust_with_ad
smbcontrol
RUN ['smbcontrol', 'all', 'debug', '100'] ERROR: Could not determine network interfaces, you must use a interfaces config line Exit code: 1
The journal reports:
Nov 22 16:56:47 master.ipa.test audit[23244]: AVC avc: denied { create } for pid=23244 comm="smbcontrol" scontext=unconfined_u:unconfined_r:smbcontrol_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:smbcontrol_t:s0-s0:c0.c1023 tclass=netlink_route_socket permissive=0
Reproduced in PR #1326, with samba-4.15.2-3.fc35.x86_64 and selinux-policy-35.5-1.fc35.noarch
The issue is also tracked in samba: https://bugzilla.samba.org/show_bug.cgi?id=14917 and in selnux-policy: https://github.com/fedora-selinux/selinux-policy/issues/950
Issue affecting [testing_ipa-4.9_latest_selinux] Nightly PR #1333
Affecting : [testing_master_latest_selinux] Nightly PR #1371
Issue fixed upstream in selinux-policy: - selinux-policy-35.7-1.fc36: https://bodhi.fedoraproject.org/updates/FEDORA-2021-7edc335698 - selinux-policy-35.6-1.fc35: https://bodhi.fedoraproject.org/updates/FEDORA-2021-ea3fa543f0
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.