blob: 295d5a2b1c33b2e2e6689880e9e32911a1c863e9 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
network: 0.939
instruction: 0.861
device: 0.833
socket: 0.798
graphic: 0.760
vnc: 0.759
semantic: 0.691
other: 0.652
mistranslation: 0.591
boot: 0.454
assembly: 0.281
KVM: 0.181
SMB sharing on FIPS enabled hosts with Samba broken
Description of problem:
Similar to #2593 , newer security features on GNU+Linux host OSes are continuing
to break communication with guests running older OSes.
QEMU executes the `smbd` process in [slirp.c](net/slirp.c) to facilitate the SMB
sharing between guest and host.
The host `smbd` process links in GnuTLS for authentication ciphers and algorithm
primitives. When `smbd` processes SMB requests from these older OS's SMB implementations,
it errors out with error lines:
`Failed to setup SPNEGO negTokenInit request`
`Failed to start SPNEGO handler for negprot OID list!`
Steps to reproduce:
1. Access a GNU+Linux machine with GnuTLS library in FIPS mode which `smbd` links against
2. Run `qemu-system-*` with an older guest OS with a `smb` share to host
3. See errors in `/tmp/qemu.smb*/log.smbd`
Additional information:
#
|