Samba won't dance [Solved - sort of - NOT] Selinux related???
Claude Jones
cjones at levitjames.com
Thu Apr 17 13:17:31 UTC 2008
On Thu April 17 2008, Claude Jones wrote:
> I can't declare victory. I am now networked,
I now know how to break it. Just declare victory. It doesn't have to be total;
victory declarations, qualified, with reservations, with lots of useless
mumbling, etc., work too!
Just switched over to an XP box that had been reliably browsing my Fedora box
for the past hour, and got a "can't find" error. Turned off the firewall on
Fedora, went back to the XP machine, and the connection is restored... WTF??
I doubt this is relevant, but here are the relevant entries in iptables:
Chain INBOUND (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 192.168.2.0/24 anywhere
ACCEPT all -- 192.168.2.1 anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpts:6881:6889
ACCEPT udp -- anywhere anywhere udp dpts:6881:6889
ACCEPT tcp -- anywhere anywhere tcp dpt:35986
ACCEPT udp -- anywhere anywhere udp dpt:35986
ACCEPT tcp -- 192.168.2.0/24 anywhere tcp dpt:ipp
ACCEPT udp -- 192.168.2.0/24 anywhere udp dpt:ipp
ACCEPT tcp -- 192.168.2.0/24 anywhere tcp dpts:netbios-ns:netbios-ssn
ACCEPT udp -- 192.168.2.0/24 anywhere udp dpts:netbios-ns:netbios-ssn
ACCEPT tcp -- 192.168.2.0/24 anywhere tcp dpt:microsoft-ds
ACCEPT udp -- 192.168.2.0/24 anywhere udp dpt:microsoft-ds
ACCEPT tcp -- 192.168.2.0/24 anywhere tcp dpt:sunrpc
ACCEPT udp -- 192.168.2.0/24 anywhere udp dpt:sunrpc
ACCEPT tcp -- 192.168.2.0/24 anywhere tcp dpt:nfs
ACCEPT udp -- 192.168.2.0/24 anywhere udp dpt:nfs
ACCEPT tcp -- 192.168.2.0/24 anywhere tcp dpt:domain
ACCEPT udp -- 192.168.2.0/24 anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
LSI all -- anywhere anywhere
***************************************
I know there are issues in there, but, the main point is, why did it suddenly
go dark? Why did it work for a couple of hours this am, and all night, then
suddenly lose it?
***************************************
and there's the Samba and Selinux issue - I'm getting tons of these:
Summary:
SELinux is preventing smbd (smbd_t) "getattr" to /dev/sde1 (fixed_disk_device_t).
Detailed Description:
SELinux denied access requested by smbd. It is not expected that this access is
required by smbd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.
Allowing Access:
Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for /dev/sde1,
restorecon -v '/dev/sde1'
If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Additional Information:
Source Context unconfined_u:system_r:smbd_t
Target Context system_u:object_r:fixed_disk_device_t
Target Objects /dev/sde1 [ blk_file ]
Source smbd
Source Path /usr/sbin/smbd
Port <Unknown>
Host tehogee1
Source RPM Packages samba-3.0.28a-0.fc8
Target RPM Packages
Policy RPM selinux-policy-3.0.8-98.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall_file
Host Name tehogee1
Platform Linux tehogee1 2.6.24.4-64.fc8 #1 SMP Sat Mar 29 09:54:46 EDT 2008 i686 i686
Alert Count 3
First Seen Wed 16 Apr 2008 08:39:18 AM EDT
Last Seen Wed 16 Apr 2008 08:43:18 AM EDT
Local ID 83d6b661-2e3b-482a-ada7-ca94aa1f5eb6
Line Numbers
Raw Audit Messages
host=tehogee1 type=AVC msg=audit(1208349798.310:1590): avc: denied { getattr } for pid=32296 comm="smbd" path="/dev/sde1" dev=tmpfs ino=323202 scontext=unconfined_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
host=tehogee1 type=SYSCALL msg=audit(1208349798.310:1590): arch=40000003 syscall=195 success=no exit=-13 a0=bfd7a694 a1=bfd79e14 a2=4c5ff4 a3=bfd79e14 items=0 ppid=31287 pid=32296 auid=500 uid=99 gid=0 euid=99 suid=0 fsuid=99 egid=99 sgid=0 fsgid=99 tty=(none) comm="smbd" exe="/usr/sbin/smbd" subj=unconfined_u:system_r:smbd_t:s0 key=(null)
********************************************
or even more germane, this:
Summary:
SELinux is preventing the samba daemon from serving r/o local files to remote
clients.
Detailed Description:
SELinux has prevented the samba daemon (smbd) from reading files on the local
system. If you have not exported these file systems, this could signal an
intrusion.
Allowing Access:
If you want to export file systems using samba you need to turn on the
samba_export_all_ro boolean: "setsebool -P samba_export_all_ro=1".
The following command will allow this access:
setsebool -P samba_export_all_ro=1
Additional Information:
Source Context system_u:system_r:smbd_t
Target Context system_u:object_r:var_t
Target Objects ./srv [ dir ]
Source smbd
Source Path /usr/sbin/smbd
Port <Unknown>
Host tehogee1
Source RPM Packages samba-3.0.28a-0.fc8
Target RPM Packages filesystem-2.4.11-1.fc8
Policy RPM selinux-policy-3.0.8-98.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name samba_export_all_ro
Host Name tehogee1
Platform Linux tehogee1 2.6.24.4-64.fc8 #1 SMP Sat Mar 29 09:54:46 EDT 2008 i686 i686
Alert Count 8
First Seen Wed 16 Apr 2008 10:06:11 PM EDT
Last Seen Wed 16 Apr 2008 10:06:15 PM EDT
Local ID dd8cb0d1-fac0-495c-89e6-c115d60ad66f
Line Numbers
Raw Audit Messages
host=tehogee1 type=AVC msg=audit(1208397975.959:367): avc: denied { read } for pid=28749 comm="smbd" name="srv" dev=sda3 ino=26312705 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
host=tehogee1 type=SYSCALL msg=audit(1208397975.959:367): arch=40000003 syscall=5 success=no exit=-13 a0=b864d098 a1=98800 a2=bf9291fc a3=b86651c8 items=0 ppid=3353 pid=28749 auid=4294967295 uid=99 gid=0 euid=99 suid=0 fsuid=99 egid=99 sgid=0 fsgid=99 tty=(none) comm="smbd" exe="/usr/sbin/smbd" subj=system_u:system_r:smbd_t:s0 key=(null)
*********************************************
I have run the suggested command to fix the last, but to no avail.
--
Claude Jones
Brunswick, MD, USA
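A note on the INBOUND chain pasted above, with an added example that is not part of the original post and not from any firewall tool: the rule "ACCEPT all -- 192.168.2.0/24 anywhere" admits every packet from that subnet, so all of the per-port rules after it that are restricted to 192.168.2.0/24 (ipp, netbios-ns:netbios-ssn, microsoft-ds, sunrpc, nfs, domain) and the host rule for 192.168.2.1 can never match. The XP box's address is not shown in the thread, so this does not by itself explain the outage, but it is the first thing to establish: if the client is inside 192.168.2.0/24 the firewall already lets it through; if it is not, none of the SMB rules apply to it at all. The script below (POSIX sh plus awk; the chain text is a constructed copy of the listing with wrapped lines rejoined) reports which ACCEPT rules are shadowed by an earlier catch-all from an enclosing source network. The "iptables -L" output has no interface or counter columns; "iptables -L -v -n --line-numbers" would show which interface the chain is reached from and whether any rule is actually being hit.

```shell
# Added example, not from the original post: find ACCEPT rules in an
# "iptables -L <chain>" listing that can never match because an earlier
# "ACCEPT all <source-net> anywhere" rule already admits the traffic.
# Only POSIX sh and awk are used; nothing here touches the live firewall.

# Constructed sample: the INBOUND chain from the post, wrapped lines rejoined.
INBOUND_CHAIN='Chain INBOUND (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 192.168.2.0/24 anywhere
ACCEPT all -- 192.168.2.1 anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpts:6881:6889
ACCEPT udp -- anywhere anywhere udp dpts:6881:6889
ACCEPT tcp -- anywhere anywhere tcp dpt:35986
ACCEPT udp -- anywhere anywhere udp dpt:35986
ACCEPT tcp -- 192.168.2.0/24 anywhere tcp dpt:ipp
ACCEPT udp -- 192.168.2.0/24 anywhere udp dpt:ipp
ACCEPT tcp -- 192.168.2.0/24 anywhere tcp dpts:netbios-ns:netbios-ssn
ACCEPT udp -- 192.168.2.0/24 anywhere udp dpts:netbios-ns:netbios-ssn
ACCEPT tcp -- 192.168.2.0/24 anywhere tcp dpt:microsoft-ds
ACCEPT udp -- 192.168.2.0/24 anywhere udp dpt:microsoft-ds
ACCEPT tcp -- 192.168.2.0/24 anywhere tcp dpt:sunrpc
ACCEPT udp -- 192.168.2.0/24 anywhere udp dpt:sunrpc
ACCEPT tcp -- 192.168.2.0/24 anywhere tcp dpt:nfs
ACCEPT udp -- 192.168.2.0/24 anywhere udp dpt:nfs
ACCEPT tcp -- 192.168.2.0/24 anywhere tcp dpt:domain
ACCEPT udp -- 192.168.2.0/24 anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
LSI all -- anywhere anywhere'

# shadowed_rules: read a chain listing on stdin and print one line for every
# ACCEPT rule whose source lies inside an earlier bare "ACCEPT all <net> anywhere".
shadowed_rules() {
    awk '
    BEGIN { s[1] = 0; ncatch = 0 }
    function ip2int(a,  o) { split(a, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
    # parse "a.b.c.d[/n]" or "anywhere" into out[1]=address, out[2]=prefix length
    function parse(a, out,  p, n) {
        if (a == "anywhere") { out[1] = 0; out[2] = 0; return }
        n = split(a, p, "/")
        out[1] = ip2int(p[1]); out[2] = (n == 2) ? p[2] + 0 : 32
    }
    # is ip/pfx inside net/npfx?  dividing by 2^(32-npfx) keeps only the network bits
    function within(ip, pfx, net, npfx,  d) {
        if (pfx < npfx) return 0
        d = 2 ^ (32 - npfx)
        return int(ip / d) == int(net / d)
    }
    $1 == "ACCEPT" {
        parse($4, s)
        for (i = 1; i <= ncatch; i++)
            if (within(s[1], s[2], cnet[i], cpfx[i])) {
                printf "line %d shadowed by \"ACCEPT all -- %s anywhere\": %s\n", NR, csrc[i], $0
                next
            }
        # a bare "ACCEPT all <src> anywhere" with no match extension is a catch-all
        if ($2 == "all" && $5 == "anywhere" && NF == 5) {
            ncatch++; cnet[ncatch] = s[1]; cpfx[ncatch] = s[2]; csrc[ncatch] = $4
        }
    }'
}

# count_shadowed: how many rules in the constructed sample are dead
count_shadowed() {
    printf '%s\n' "$INBOUND_CHAIN" | shadowed_rules | wc -l | tr -d ' '
}

printf '%s\n' "$INBOUND_CHAIN" | shadowed_rules
echo "shadowed rules: $(count_shadowed)"
```

On the sample it flags 13 rules: the 192.168.2.1 host rule and the twelve LAN-only port rules. Rules with source "anywhere" are not flagged, because 0.0.0.0/0 is wider than the catch-all, not inside it; the two state RELATED,ESTABLISHED rules come before the catch-all and are live. To run it against a real box, replace the sample with "iptables -L INBOUND | shadowed_rules".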
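On the two SELinux alerts, with an added example that is not from the original post and not from the Samba or SELinux projects: the second alert is the one that matters for the share. smbd was denied "read" on a directory labeled var_t (name="srv"), which means the exported directory carries the generic label for /var and not samba_share_t, the type the targeted policy gives smbd access to. setsebool -P samba_export_all_ro=1 is the blunt answer (it lets smbd read every file on the host, read-only); the least-privilege answer is to label just the share directory. The first alert, "getattr" on the block device /dev/sde1 by smbd_t, should not be granted at all: a file server has no business touching raw disks, and a denial like that usually means a share path or a browse reaches into /dev. The script below (POSIX sh plus sed) pulls the four fields that decide a denial out of raw AVC records and prints the fix for the cases seen in this thread. The AVC lines are constructed copies of the two records above; the share path is left as a placeholder because smb.conf is not shown.

```shell
# Added example, not from the original post: triage raw SELinux AVC records
# by permission, source type, target type and object class, and map the smbd
# cases from this thread to a least-privilege fix. POSIX sh plus sed only;
# nothing here changes policy, it prints the commands an admin would run.

# Constructed sample: the two AVC records from the alerts, one per line.
SAMPLE_AVC='type=AVC msg=audit(1208349798.310:1590): avc: denied { getattr } for pid=32296 comm="smbd" path="/dev/sde1" dev=tmpfs ino=323202 scontext=unconfined_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
type=AVC msg=audit(1208397975.959:367): avc: denied { read } for pid=28749 comm="smbd" name="srv" dev=sda3 ino=26312705 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir'

# avc_fields LINE -> "permission source_type target_type class"
# Only the type component of each context is kept; user and role do not
# decide a targeted-policy denial.
avc_fields() {
    printf '%s\n' "$1" | sed -n \
      's/.*denied { \([a-z_]*\) }.*scontext=[^:]*:[^:]*:\([a-z_]*\):.*tcontext=[^:]*:[^:]*:\([a-z_]*\):.*tclass=\([a-z_]*\).*/\1 \2 \3 \4/p'
}

# avc_object LINE -> the path= or name= the denial was about (may be a bare basename)
avc_object() {
    printf '%s\n' "$1" | sed -n 's/.*\(path\|name\)="\([^"]*\)".*/\2/p'
}

# avc_triage LINE -> one-line verdict prefixed with label:, deny: or unknown:
# Only the smbd cases from this thread are mapped; everything else is handed
# to "audit2allow -w", which explains a denial without writing a policy.
avc_triage() {
    obj=$(avc_object "$1")
    set -- $(avc_fields "$1")
    case "$2:$3:$4" in
        smbd_t:var_t:dir|smbd_t:var_t:file|smbd_t:default_t:dir|smbd_t:default_t:file)
            # share sits on a directory with a system label: relabel the share,
            # do not turn on samba_export_all_ro, which exports every file on the host
            echo "label: object '$obj' is $3; run semanage fcontext -a -t samba_share_t \"<share-path>(/.*)?\" && restorecon -R -v <share-path>" ;;
        smbd_t:fixed_disk_device_t:*)
            echo "deny: smbd has no business doing $1 on raw disk '$obj'; check that no share path reaches into /dev" ;;
        *)
            echo "unknown: feed this record to audit2allow -w" ;;
    esac
}

printf '%s\n' "$SAMPLE_AVC" | while IFS= read -r line; do
    echo "$(avc_fields "$line") -> $(avc_triage "$line")"
done
```

Before relabeling, "ls -Zd <share-path>" shows the directory's current type, and "getsebool samba_export_all_ro" confirms whether the boolean from the alert is actually on. A share labeled samba_share_t is served with the boolean off, which is the state to aim for.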