How to clear Samba through SELinux
Tristan Santore
tristan.santore at internexusconnect.net
Sun Oct 7 17:27:54 UTC 2012
On 07/10/12 12:39, Temlakos wrote:
> Everyone:
>
> I go through this exercise with every update. I have two machines on my
> network. One runs Windows; the other runs Fedora (now up to 17).
>
> Right now, the Fedora box can "see" everything in the Windows box that
> belongs to the default Windows user.
>
> But: the Windows box can see that a share is available but may not visit
> the share.
>
> I cleared Samba through the firewall; otherwise I'd have no connection
> at all.
>
> Now: what Booleans or modules do I need to set or reset to clear Samba
> through SELinux? I don't seem to have any configuration tool (not
> graphical, anyway) to let me see where the problem is. The Windows box
> doesn't say much, except "Windows cannot access this share; you need to
> talk to the system admin in charge of the other system." Well, I /am/
> the system admin. I'd like to clear each machine for full read-write
> access to the other. But right now, I have to do all my sharing through
> the Fedora machine.
>
> (As to why I would even want a Windows machine around: I keep it around
> for programs like TV tuning and DVD authoring that /just work out of the
> box/. I also use that Windows box as a print server. That works.)
>
> So in essence, my Fedora box is a good client but a bad server. I think
> maybe SELinux is the one remaining obstacle. I need to know how to clear
> it.
>
> Temlakos
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
getsebool -a|grep samba
setsebool name_of_bool on/off
To make changes permanent, after you worked out which one you need/want:
setsebool -P name_of_bool on/off
Regards,
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore at internexusconnect.net
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at:
TSantore at fedoraproject.org
More information about the selinux
mailing list