samba share avcs
Daniel J Walsh
dwalsh at redhat.com
Sat Dec 24 12:53:31 UTC 2005
Steve G wrote:
> Hi,
>
> This is a long standing problem that causes me to do "setenforce 0". I wished
> there was a boolean to just turn of checking of samba or a streamlined way for
> samba to relabel things on startup. In any event, I have a share, /src, which I
> want to access across the network. It fails. This is what I see in the logs:
>
> type=PATH msg=audit(12/23/2005 10:37:26.180:20524) : item=0
> name=gtk+-2.8.9/gdk-pixbuf/pixops/pixops.c inode=1934832 dev=03:07 mode=dir,755
> ouid=sgrubb ogid=sgrubb rdev=00:00 obj=user_u:object_r:user_home_t:s0
> type=CWD msg=audit(12/23/2005 10:37:26.180:20524) : cwd=/src
> type=SYSCALL msg=audit(12/23/2005 10:37:26.180:20524) : arch=x86_64 syscall=stat
> success=no exit=-13(Permission denied) a0=7fffffe1c720 a1=7fffffe1b120
> a2=7fffffe1b120 a3=7fffffe1aaec items=1 pid=23380 auid=root uid=nobody gid=root
> euid=nobody suid=root fsuid=nobody egid=nobody sgid=nobody fsgid=nobody comm=smbd
> exe=/usr/sbin/smbd subj=root:system_r:smbd_t:s0
> type=AVC msg=audit(12/23/2005 10:37:26.180:20524) : avc: denied { search } for
> pid=23380 comm=smbd name=gtk+-2.8.9 dev=hda7 ino=1934832
> scontext=root:system_r:smbd_t:s0 tcontext=user_u:object_r:user_home_t:s0
> tclass=dir
>
> What is the correct solution for this?
>
> -Steve
>
chcon -r -t samba_share_t /src
You can also use public_content_t if you want other sharing protocols
access to the files (http, ftp, rsync)
man samba_selinux
>
>
>
> __________________________________
> Yahoo! for Good - Make a difference this year.
> http://brand.yahoo.com/cybergivingweek2005/
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
--
More information about the selinux
mailing list