blob: 0d8044653091543c77b57f334cbad9e7a2983c6d (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
network: 0.939
device: 0.833
PID: 0.822
socket: 0.798
graphic: 0.760
vnc: 0.759
permissions: 0.746
performance: 0.703
files: 0.697
semantic: 0.691
other: 0.652
debug: 0.565
boot: 0.454
KVM: 0.181
SMB sharing on FIPS enabled hosts with Samba broken
Description of problem:
Similar to #2593 , newer security features on GNU+Linux host OSes are continuing
to break communication with guests running older OSes.
QEMU executes the `smbd` process in [slirp.c](net/slirp.c) to facilitate the SMB
sharing between guest and host.
The host `smbd` process links in GnuTLS for authentication ciphers and algorithm
primitives. When `smbd` processes SMB requests from these older OS's SMB implementations,
it errors out with error lines:
`Failed to setup SPNEGO negTokenInit request`
`Failed to start SPNEGO handler for negprot OID list!`
Steps to reproduce:
1. Access a GNU+Linux machine with GnuTLS library in FIPS mode which `smbd` links against
2. Run `qemu-system-*` with an older guest OS with a `smb` share to host
3. See errors in `/tmp/qemu.smb*/log.smbd`
Additional information:
#
|
