Dontaudit rule for $HOME/.ssh and samba

Trevor Hemsley trevor.hemsley at codefarm.com
Tue Feb 23 00:55:15 UTC 2010


I am sharing my user home directories to other machines on my LAN using 
Samba. I have that all working correctly except for one persistent AVC 
that I keep seeing. Now this AVC is correct in that I really do not want 
my users' .ssh directories read over SMB, so I'd quite like to keep that 
as-is. But... I get alerts for this all the time, so I'd like to know how 
to add a dontaudit rule for it so that access is denied but I don't get 
told about it. Ideally I'd like to add a generic rule to catch all 
users and not have to add one dontaudit rule per user. I just don't have a 
clue where to start, and Google was not much use on this, so I would 
appreciate some help if anyone has done this before.

SELinux is preventing samba (smbd) "getattr" to /home/$user/.ssh 
(sshd_key_t).

Source Context:  system_u:system_r:smbd_t
Target Context:  user_u:object_r:sshd_key_t
Target Objects:  /home/$user/.ssh/config [ file ]
Source:  smbd
Source Path:  /usr/sbin/smbd
Port:  <Unknown>
Host:  hostname
Source RPM Packages:  samba-3.0.33-3.15.el5_4.1
Target RPM Packages: 
Policy RPM:  selinux-policy-2.4.6-255.el5_4.4
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Permissive
Plugin Name:  samba_share
Host Name:  hostname
Platform:  Linux hostname 2.6.32.5 #3 SMP Sun Jan 31 03:27:09 GMT 2010 
x86_64 x86_64
Alert Count:  1
First Seen:  Tue 23 Feb 2010 12:44:47 AM GMT
Last Seen:  Tue 23 Feb 2010 12:44:47 AM GMT
Local ID:  5d933e81-2ab5-4529-8dce-9e554a59f0e3
Line Numbers: 

Raw Audit Messages :
host=hostname type=AVC msg=audit(1266885887.400:4313): avc: denied { 
getattr } for pid=16382 comm="smbd" path="/home/$user/.ssh/config" 
dev=dm-4 ino=10453601 scontext=system_u:system_r:smbd_t:s0 
tcontext=user_u:object_r:sshd_key_t:s0 tclass=file

host=hostname type=SYSCALL msg=audit(1266885887.400:4313): arch=c000003e 
syscall=4 success=yes exit=0 a0=7fff2dc9f270 a1=7fff2dc9e9a0 
a2=7fff2dc9e9a0 a3=7fff2dc9ee70 items=0 ppid=4352 pid=16382 
auid=4294967295 uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=500 sgid=0 
fsgid=500 tty=(none) ses=4294967295 comm="smbd" exe="/usr/sbin/smbd" 
subj=system_u:system_r:smbd_t:s0 key=(null)

-- 

Trevor Hemsley
Infrastructure Engineer
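One way to get the generic, per-type rule the post asks for, as an added example that is not part of the original message: a small SELinux policy module whose dontaudit rules cover smbd_t touching anything labelled sshd_key_t, plus a helper that checks whether a raw AVC line is the one the module silences. The module name, version and the helper names are our own choices; it assumes the RHEL 5 policy toolchain (checkmodule, semodule_package, semodule) and root to load.

```shell
#!/bin/sh
# Added example, not from the original post: a small SELinux policy module
# that silences the smbd_t -> sshd_key_t denial shown above. Assumes the
# RHEL 5 toolchain (checkmodule, semodule_package, semodule) and root to load.

# Type-enforcement source for the module. Because the rule is written in
# terms of types, it covers every user's ~/.ssh (all labelled sshd_key_t)
# without a per-user rule. Module name and version are our own choices.
dontaudit_te() {
    cat <<'EOF'
module smbd_sshkey_dontaudit 1.0;

require {
    type smbd_t;
    type sshd_key_t;
    class dir { getattr search read };
    class file { getattr read };
}

# Access stays denied; these rules only stop the denial being logged.
dontaudit smbd_t sshd_key_t:dir { getattr search read };
dontaudit smbd_t sshd_key_t:file { getattr read };
EOF
}

# .te -> .mod (compiled module) -> .pp (package), then load it.
build_and_load() {
    tmp=$(mktemp -d) || return 1
    dontaudit_te > "$tmp/smbd_sshkey_dontaudit.te" &&
    checkmodule -M -m -o "$tmp/smbd_sshkey_dontaudit.mod" "$tmp/smbd_sshkey_dontaudit.te" &&
    semodule_package -o "$tmp/smbd_sshkey_dontaudit.pp" -m "$tmp/smbd_sshkey_dontaudit.mod" &&
    semodule -i "$tmp/smbd_sshkey_dontaudit.pp"
}

# Does a raw AVC line name the (source type, target type, class) pair the
# module silences? Handy for confirming a fresh denial is this one and not
# something new that still deserves attention. Returns 0 when covered.
avc_covered() {
    src=$(printf '%s\n' "$1" | sed -n 's/.*scontext=[^:]*:[^:]*:\([^: ]*\).*/\1/p')
    tgt=$(printf '%s\n' "$1" | sed -n 's/.*tcontext=[^:]*:[^:]*:\([^: ]*\).*/\1/p')
    cls=$(printf '%s\n' "$1" | sed -n 's/.*tclass=\([^ ]*\).*/\1/p')
    [ "$src" = smbd_t ] && [ "$tgt" = sshd_key_t ] &&
        { [ "$cls" = file ] || [ "$cls" = dir ]; }
}

# Usage: sh smbd_sshkey_dontaudit.sh load
if [ "${1:-}" = load ]; then
    build_and_load
fi
```

The rules also apply in enforcing mode, where the access is refused silently; if you later need to see these denials again while debugging, `semodule -DB` rebuilds the policy with every dontaudit rule disabled and `semodule -B` restores them.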