为了确保合规性,我尝试让 Samba DC 在启用了 FIPS 800-171 安全策略的 Rocky Linux 8 上运行。从 DVD 映像安装全新的最小 VM,我下载并解压 .tar,运行 Centos8S 的 bootstrap.sh(./configure make make install源(默认设置)),设置 systemd 服务,并尝试运行它;但我遇到了以下错误:
Nov 30 14:26:03 171-dc-test systemd[1]: Starting Samba Active Directory Domain Controller...
-- Subject: Unit samba-ad-dc.service has begun start-up
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit samba-ad-dc.service has begun starting up.
Nov 30 14:26:03 171-dc-test samba[1449]: /usr/local/samba/sbin/samba: error while loading shared libraries: libevents-samba4.so: cannot open shared object file: No such file or directory
Nov 30 14:26:03 171-dc-test systemd[1]: samba-ad-dc.service: Control process exited, code=exited status=127
Nov 30 14:26:03 171-dc-test systemd[1]: samba-ad-dc.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- The unit samba-ad-dc.service has entered the 'failed' state with result 'exit-code'.
Nov 30 14:26:03 171-dc-test systemd[1]: Failed to start Samba Active Directory Domain Controller.
-- Subject: Unit samba-ad-dc.service has failed
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit samba-ad-dc.service has failed.
--
-- The result is failed.
有问题的文件正好位于它应该在的位置:
-rwxr-xr-x. 1 root root 8192 Nov 30 14:09 /usr/local/samba/lib/private/libevents-samba4.so
在另一台未启用安全策略的虚拟机上执行此精确过程效果非常好。设置selinux为宽容、停止fapolicyd和禁用 FIPS 模式并重新启动不会影响结果。有人知道我需要去哪里查找以找出为什么这不起作用吗?我假设有什么东西阻止了对该文件夹的访问,但我不确定它是什么。谢谢。