[FC5] Samba and SELinux

[Stephen Smalley]

On Mon, 2006-04-10 at 10:01 -0700, Dan Thurman wrote:
> I su as root initially and in my /root directory
> and created the "foo" there.  You did not state
> where to create "foo" so if I did this in the
> wrong place, please let me know.

Re-added the list to the cc line above.

It doesn't matter where you create it - it is just a temporary working
directory.

>   I downloaded the
> checkmodule and installed it earlier so it appears
> that this time everything works, except that in the
> tmp file created, I did not get the same files as
> you may have.  Here is the log of actions:
> 
> [dant at copper ~]$ su -
> Password:
> [root at copper ~]# mkdir foo
> [root at copper ~]# cd foo
> [root at copper foo]# vi local.te
> [root at copper foo]# touch local.if local.fc
> [root at copper foo]# make -f /usr/share/selinux/devel/Makefile
> Compliling targeted local module
> /usr/bin/checkmodule:  loading policy configuration from tmp/local.tmp
> /usr/bin/checkmodule:  policy configuration loaded
> /usr/bin/checkmodule:  writing binary representation (version 5) to
> tmp/local.mod
> Creating targeted local.pp policy package
> rm tmp/local.mod.fc tmp/local.mod
> [root at copper foo]# ls
> local.fc  local.if  local.pp  local.te  tmp
> [root at copper foo]# ls tmp
> all_interfaces.conf  local.mod.role  local.tmp
> [root at copper foo]#

Looks correct to me, and matches what was in my original message.  So
now you finish the sequence of instructions I provided originally, i.e.
# semodule -i local.pp

Then retry accessing /var/www content from samba, and if it still
doesn't work, check your /var/log/messages file for avc:  denied
messages.

-- 
Stephen Smalley
National Security Agency