Tom Lisjac wrote:
I'm trying to make samba shares available on a new FC4 server
I've
just built that's running selinux-policy-targeted-1.27.1-2.1. I
relabelled after the update the other day, ran permissive until
everything worked, added the following to local.te and recompiled the
policy sources:
allow smbd_t home_root_t:dir { getattr search };
allow smbd_t httpd_sys_content_t:dir { getattr read remove_name search write };
allow smbd_t httpd_sys_content_t:file { getattr lock read unlink };
allow smbd_t samba_net_tmp_t:file { getattr read write };
allow smbd_t user_home_dir_t:dir { getattr read };
allow smbd_t user_home_t:dir getattr;
allow smbd_t user_home_t:file getattr;
When I switched to enforcing, I couldn't connect... and there were no
new AVC's. Switching back to permissive worked.
I've never seen this behavior before. In the past when enforcing,
there has always been an AVC to explain a denial of service. This time
there wasn't. Turning off selinux fixes the problem so there must be a
relationship.
Disabling selinux seems to be my only alternative... but I'd rather
not. Any suggestions would be appreciated.
-Tom
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Try out the booleans
setsebool -P samba_enable_home_dirs=1
# getsebool -a | grep samba
samba_enable_home_dirs --> inactive
use_samba_home_dirs --> inactive
# getsebool -a | grep smb
allow_smbd_anon_write --> inactive
smbd_disable_trans --> inactive
--