SELinux, Samba, & Winbind

Stephen Smalley sds at tycho.nsa.gov
Fri Jul 23 20:37:31 UTC 2010


On Fri, 2010-07-23 at 08:14 -0700, Kloc, Alisha wrote:
> Hi,
> 
> Due to change management, for the moment at least we're stuck with RHEL 5.2. However, I get the exact same errors when using the version of Samba (3.0.28) included with RHEL 5.2, so I doubt it's a version incompatibility. 
> 
> It seems as if SELinux has got the idea that Samba-related anything is illegal and should be blocked, but there's no way to tell it otherwise, since the Boolean switches, restorecon, and relabeling don't work.
> 
> How can I fix SELinux so it stops blocking all Samba-related files, daemons, and pipes?

Generate a local policy module via audit2allow and insert it using
semodule.

> Regarding looking over the release notes, I haven't been able to find any SELinux release notes, new policy releases/updates, or really anything centralized regarding SELinux. The NSA page is no longer being updated, and it links to a Fedora Core web page which has some information, but no downloadable updates or policies that I can find. The Fedora Core page links to dozens of other apparently unofficial, or at least non-SELinux-branded, sites, which offer lots of secondary tools for SELinux but no actual policies or updates. Red Hat's support website has a single SELinux howto document written for RHEL4, and no policies or updates, and I haven't been able to find anyplace else that offers new/updated SELinux policies for download (except the occasional unofficial link on mailing list archives or Bugzilla, neither of which sources is approved by change management). 
> 
> Does an official SELinux updates/policy page exist at all? If so, where can I find it?

Updates/policy generally comes from your distributor, unless you want to
build a custom system.  While you can directly download and use the
upstream reference policy if you so choose, doing so requires a moderate
amount of expertise and isn't generally necessary.

Fedora has its own SELinux FAQ, User Guide, and Managing Confined
Services Guide available from docs.fedoraproject.org.

selinuxproject.org is a community-maintained wiki.

-- 
Stephen Smalley
National Security Agency
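
Added example, not part of the original message: a small Python triage script that groups AVC denials by source type, target type and class, so the rules that audit2allow would generate can be reviewed before the module is loaded with semodule. The sample log lines are constructed, the module name `local_samba` is hypothetical, and the output is a review summary rather than a loadable module.

```python
import re
from collections import defaultdict

# Constructed sample audit records (illustrative; not taken from the thread).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1279900000.101:41): avc:  denied  { write } for  pid=2101 comm="smbd" name="pipe" dev=dm-0 ino=1201 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:winbind_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1279900000.102:42): avc:  denied  { search } for  pid=2101 comm="smbd" name="winbindd" dev=dm-0 ino=1200 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:winbind_var_run_t:s0 tclass=dir
type=AVC msg=audit(1279900001.001:43): avc:  denied  { read write } for  pid=2150 comm="winbindd" name="secrets.tdb" dev=dm-0 ino=1300 scontext=system_u:system_r:winbind_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=SYSCALL msg=audit(1279900001.001:43): arch=c000003e syscall=2 success=no exit=-13 comm="winbindd"
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)")

# Target types that usually mean a labeling problem, not a missing rule.
MISLABEL_TYPES = {"file_t", "default_t", "unlabeled_t"}

def ctx_type(context):
    # A context is user:role:type[:level]; the type is the third field.
    return context.split(":")[2]

def collect_denials(log_text):
    """Map (source_type, target_type, class) -> set of denied permissions."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:
            key = (ctx_type(m.group("s")), ctx_type(m.group("t")), m.group("cls"))
            rules[key].update(m.group("perms").split())
    return rules

def render_rules(rules):
    """Render allow rules for review, flagging targets that look mislabeled."""
    lines = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        if tgt in MISLABEL_TYPES:
            lines.append(f"# REVIEW: {tgt} suggests a mislabeled file; relabel instead of allowing")
        lines.append(f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};")
    return "\n".join(lines)

if __name__ == "__main__":
    print(render_rules(collect_denials(SAMPLE_AUDIT_LOG)))
    # After review, on the host (module name is a placeholder):
    #   grep smbd /var/log/audit/audit.log | audit2allow -M local_samba
    #   semodule -i local_samba.pp
```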


