This server runs Samba and is configured to integrate with an Active Directory domain.
Soon after the upgrade users started complaining that there where no more able to gain access to shared resources.
I have checked /var/log/messages and I have found those errors:
Dec 24 18:07:27 sbifs01 kernel: audit(1103908047.911:0): avc: denied { append } for pid=3285 exe=/usr/sbin/winbindd name=winbindd.log dev=md0 ino=38153 sco
ntext=root:system_r:winbind_t tcontext=user_u:object_r:var_log_t tclass=file
Dec 24 18:07:27 sbifs01 kernel: audit(1103908047.913:0): avc: denied { append } for pid=3285 exe=/usr/sbin/winbindd name=winbindd.log dev=md0 ino=38153 sco
ntext=root:system_r:winbind_t tcontext=user_u:object_r:var_log_t tclass=file
Dec 24 18:07:27 sbifs01 kernel: audit(1103908047.913:0): avc: denied { append } for pid=3285 exe=/usr/sbin/winbindd name=winbindd.log dev=md0 ino=38153 sco
ntext=root:system_r:winbind_t tcontext=user_u:object_r:var_log_t tclass=file
Dec 24 18:07:27 sbifs01 kernel: audit(1103908047.914:0): avc: denied { append } for pid=3285 exe=/usr/sbin/winbindd name=winbindd.log dev=md0 ino=38153 sco
ntext=root:system_r:winbind_t tcontext=user_u:object_r:var_log_t tclass=file
Dec 24 18:07:27 sbifs01 last message repeated 2 times
Dec 24 18:07:27 sbifs01 kernel: audit(1103908047.915:0): avc: denied { append } for pid=3285 exe=/usr/sbin/winbindd name=winbindd.log dev=md0 ino=38153 sco
ntext=root:system_r:winbind_t tcontext=user_u:object_r:var_log_t tclass=file
Dec 24 18:07:27 sbifs01 kernel: audit(1103908047.916:0): avc: denied { append } for pid=3285 exe=/usr/sbin/winbindd name=winbindd.log dev=md0 ino=38153 sco
ntext=root:system_r:winbind_t tcontext=user_u:object_r:var_log_t tclass=file
Dec 24 18:07:27 sbifs01 kernel: audit(1103908047.917:0): avc: denied { append } for pid=3285 exe=/usr/sbin/winbindd name=winbindd.log dev=md0 ino=38153 sco
ntext=root:system_r:winbind_t tcontext=user_u:object_r:var_log_t tclass=file
Dec 24 18:07:28 sbifs01 kernel: audit(1103908048.054:0): avc: denied { append } for pid=3285 exe=/usr/sbin/winbindd name=winbindd.log dev=md0 ino=38153 sco
ntext=root:system_r:winbind_t tcontext=user_u:object_r:var_log_t tclass=file
Dec 24 18:07:28 sbifs01 kernel: audit(1103908048.055:0): avc: denied { append } for pid=3285 exe=/usr/sbin/winbindd name=winbindd.log dev=md0 ino=38153 sco
ntext=root:system_r:winbind_t tcontext=user_u:object_r:var_log_t tclass=file
Dec 24 18:07:28 sbifs01 kernel: audit(1103908048.056:0): avc: denied { append } for pid=3285 exe=/usr/sbin/winbindd name=winbindd.log dev=md0 ino=38153 sco
ntext=root:system_r:winbind_t tcontext=user_u:object_r:var_log_t tclass=file
I realized that this problem should be related to the latest SELinux policies, I have checked which one is installed and I have found selinux-policy-targeted-1.17.30-2.58
Not knowing enough about SELinux policy, how are released, how are designed and how to edit AND having services to provide to users I have temporarelly disabled SELinux setting "permissive" in /etc/selinux/config
Now I would like to get somebody else opinion about this problem, it's that a mistake of who designed policies? It's quite normal and the server administrator must appropriatelly edit policies?
Any suggestion will be greatly appreciated
Thanks Gianni Bragante
