Hi,
Could you attach the raw SELinux denials? Reproduce the issue and then run:
# ausearch -m AVC -ts today
First rule:
allow smbd_t automount_tmp_t:dir getattr;
is dontaudited and second:
allow smbd_t self:capability2 block_suspend;
is a kernel issue.
Do you have any issue with samba, or do you just see this in the audit log?
Lukas
On 03/28/2018 01:44 PM, lejeczek wrote:
hi guys
any boolean that would cover this:
#============= smbd_t ==============
#!!!! The file '/__.aNetStorage' is mislabeled on your system.
#!!!! Fix with $ restorecon -R -v /__.aNetStorage
#!!!! This avc can be allowed using one of the these booleans:
#        samba_export_all_ro, samba_export_all_rw
allow smbd_t automount_tmp_t:dir getattr;
allow smbd_t self:capability2 block_suspend;
above (silent denials) happens when samba's share path is an autofs nfs
ver=4 mount.
If no boolean then it would be great to have one (or a few) if safe.
many thanks, L.
--
Lukas Vrabec
Software Engineer, Security Technologies
Red Hat, Inc.
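
The following is an added example, not part of either message: Python that parses raw AVC records of the kind `ausearch -m AVC` prints and collapses them into the allow-rule form quoted above, keeping the fields (comm, path, permissive) that the rules alone drop. The sample records and the function names `parse_avc` and `allow_rules` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records (not taken from the thread), shaped like ausearch output.
SAMPLE = '''\
type=AVC msg=audit(1522237440.101:512): avc:  denied  { getattr } for  pid=2101 comm="smbd" path="/__.aNetStorage" dev="0:45" ino=2 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:automount_tmp_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1522237441.207:513): avc:  denied  { block_suspend } for  pid=2101 comm="smbd" capability=36  scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:system_r:smbd_t:s0 tclass=capability2 permissive=0
type=AVC msg=audit(1522237442.330:514): avc:  denied  { getattr } for  pid=2102 comm="smbd" path="/__.aNetStorage" dev="0:45" ino=2 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:automount_tmp_t:s0 tclass=dir permissive=0
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{ (?P<perms>[^}]+) \} for\s+(?P<fields>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('fields'))}
    rec['perms'] = m.group('perms').split()
    # A context is user:role:type:level; the type is what policy rules name.
    rec['source'] = rec['scontext'].split(':')[2]
    rec['target'] = rec['tcontext'].split(':')[2]
    return rec


def allow_rules(text):
    """Group denials by (source, target, class) and render them as allow rules."""
    grouped = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        # A denial against the process's own type is written as 'self'.
        target = 'self' if rec['target'] == rec['source'] else rec['target']
        grouped[(rec['source'], target, rec['tclass'])].update(rec['perms'])
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        p = sorted(perms)
        body = p[0] if len(p) == 1 else '{ ' + ' '.join(p) + ' }'
        rules.append(f'allow {src} {tgt}:{cls} {body};')
    return rules


if __name__ == '__main__':
    print('\n'.join(allow_rules(SAMPLE)))
```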