-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Tony Molloy wrote:
On Thursday 31 January 2008 23:15:50 Henning Larsen wrote:
On Fri, 2008-02-01 at 09:36 +1030, Tim wrote:
On Thu, 2008-01-31 at 19:02 +0100, Henning Larsen wrote:
btw, I can live with it since the alert has gone and I use enforcing mode.
Though, going by what you posted earlier using audit2allow, you've probably disabled SELinux from doing anything about Samba. Enforcing no rules isn't really enforcing SELinux...
This is the same sort of thing as some firewall telling a user that the firewall has blocked trojan from using the internet, and the user clicks on allow access. You have to diagnose the fault, not just get rid of the warning.
-- (This computer runs FC7, my others run FC4, FC5 & FC6, in case that's important to the thread.)
Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
I did belive that too, my problem now is that I don't know how to reverse what I did to stop the alerts. Do you have an answer to that?
locate mysamba.pp
rm -f ...active/mysamba.pp rm -f .../previous/mysamba.pp
reboot
Tony
btw. my router is firewalled against samba, so there is no big security issue.
Henning Larsen
semodule -r mysamba is the proper way to do this Just removing the pp files will not effect the policy until the next time the policy is rebuild. So doing the rm -f ...active/mysamba.pp would need to be followed by semodule -B and no reboot would be necessary. (This is not windows.)
Henning, what AVC's are you seeing? What did the te file that you loaded look like?