Problem accessing samba shares with enforcing enabled
by Jan Meier
Hello,
I get the following avc denied when I try to write a file via samba from a
remote machine:
jeeves kernel: audit(1152459345.543:71): avc: denied { write } for pid=2332
comm="smbd" name="jan" dev=hda1 ino=131 scontext=root:system_r:smbd_t:s0
tcontext=root:object_r:smbd_t:s0 tclass=dir
ls -Z for the proper directory where I want to write into shows:
drwxr-xr-x jan users root:object_r:smbd_t jan
Any suggestions?
Regards
Jan
17 years, 9 months
avc: denied for netstat under 2.6.17-1.2358.fc6
by Jay Cliburn
Running rawhide, netstat -ptuna produces the following
in /var/log/messages.
Jul 8 20:08:17 osprey kernel: audit(1152407297.929:15): avc: denied
{ ptrace } for pid=2526 comm="netstat"
scontext=user_u:system_r:unconfined_t:s0
tcontext=system_u:system_r:udev_t:s0-s0:c0.c255 tclass=process
Jul 8 20:08:17 osprey kernel: audit(1152407297.949:16): avc: denied
{ ptrace } for pid=2526 comm="netstat"
scontext=user_u:system_r:unconfined_t:s0
tcontext=system_u:system_r:cupsd_t:s0-s0:c0.c255 tclass=process
Jul 8 20:08:17 osprey kernel: audit(1152407297.949:17): avc: denied
{ ptrace } for pid=2526 comm="netstat"
scontext=user_u:system_r:unconfined_t:s0
tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c255 tclass=process
Jul 8 20:08:17 osprey kernel: audit(1152407297.977:18): avc: denied
{ ptrace } for pid=2526 comm="netstat"
scontext=user_u:system_r:unconfined_t:s0
tcontext=system_u:system_r:crond_t:s0-s0:c0.c255 tclass=process
Jul 8 20:08:19 osprey kernel: audit(1152407297.993:19): avc: denied
{ ptrace } for pid=2526 comm="netstat"
scontext=user_u:system_r:unconfined_t:s0
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c255 tclass=process
17 years, 9 months
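Added example, not part of either post above and not code from the SELinux project: a small Python parser for kernel AVC denial records of the kind quoted in the two messages above. It tolerates the hard line-wrapping mail clients introduce and MLS levels that contain colons, then counts denials per source type, target type, class and permission. The function names are hypothetical; the sample records are copied from the posts.

```python
import re
from collections import Counter

# Records copied from the two posts above, still hard-wrapped as mailed.
SAMPLE = """\
jeeves kernel: audit(1152459345.543:71): avc: denied { write } for pid=2332
comm="smbd" name="jan" dev=hda1 ino=131 scontext=root:system_r:smbd_t:s0
tcontext=root:object_r:smbd_t:s0 tclass=dir
Jul 8 20:08:17 osprey kernel: audit(1152407297.929:15): avc: denied
{ ptrace } for pid=2526 comm="netstat"
scontext=user_u:system_r:unconfined_t:s0
tcontext=system_u:system_r:udev_t:s0-s0:c0.c255 tclass=process
Jul 8 20:08:17 osprey kernel: audit(1152407297.949:16): avc: denied
{ ptrace } for pid=2526 comm="netstat"
scontext=user_u:system_r:unconfined_t:s0
tcontext=system_u:system_r:cupsd_t:s0-s0:c0.c255 tclass=process
"""

# re.S lets one record span several wrapped lines; it ends at the next audit( or EOF.
RECORD = re.compile(
    r"audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*avc:\s*denied\s*"
    r"\{(?P<perms>[^}]*)\}\s*for\s+(?P<rest>.*?)(?=audit\(|\Z)",
    re.S)
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def split_context(ctx):
    """Split user:role:type[:level]; the level may itself contain ':'."""
    parts = ctx.split(":", 3) + [""] * 4
    return dict(zip(("user", "role", "type", "level"), parts))

def parse_avc(text):
    """Return one dict per AVC denial found in text."""
    records = []
    for m in RECORD.finditer(text):
        f = {k: v.strip('"') for k, v in KV.findall(m.group("rest"))}
        records.append({
            "time": float(m.group("ts")), "serial": int(m.group("serial")),
            "perms": m.group("perms").split(),
            "comm": f.get("comm"), "tclass": f.get("tclass"),
            "source": split_context(f.get("scontext", "")),
            "target": split_context(f.get("tcontext", ""))})
    return records

def summarize(records):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for r in records:
        for perm in r["perms"]:
            counts[(r["source"]["type"], r["target"]["type"], r["tclass"], perm)] += 1
    return counts
```

Calling summarize(parse_avc(SAMPLE)) yields one row per distinct denial, which makes it easy to see which source and target types a report actually involves before reading individual records.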
selinux breaks vgetty
by Trevor Cordes
selinux appears to break vgetty (in the mgetty-voice package). I'm
wondering if selinux was even meant to be applied to vgetty or if it's
somehow getting confused with its sister mgetty, which is selinux
protected.
My main question is, how can I work around this so I can get my voice/fax
system working again? Is there an easy way to turn off selinux protection
just for vgetty? Or can someone help me with what I need to do to make it
work with vgetty? My vgetty setup is quite complex with many user-defined
helper scripts which process incoming voicemail. It may be too hard (and
not worth it) to get selinux and vgetty to live happily together.
Thanks!
I've opened a bugzilla for this:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=197574
17 years, 9 months
firefox targeted policy
by Peter Harmsen
I have made a custom policy for the firefox www-browser.
To achieve this I did the following:
# cd /usr/share/selinux/devel
# policygentool firefox /usr/bin/firefox
# make -f /usr/share/selinux/devel/Makefile
# semodule -i firefox.pp
# restorecon -R -v /usr/bin/firefox
When I enter: semodule -l I see the firefox module has been loaded
however I expected to see some action though in /var/log/messages.
--
I have made this letter longer than usual, because I lack the time to
make it short.
17 years, 10 months