Re: Selinux does not allow samba

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2008-02-01 at 10:36 +1030, Tim wrote:

>What you allowed, I don't know.  You didn't post that data.
>
>Reading the man file for semodule shows a "-r" remove module option.
>Give that a try.
>e.g. semodule -r mysamba.pp

semodule -r mysamba
That removed it

I got the alert back, here it is:

................
Summary
    SELinux is preventing the samba daemon from serving r/o local files
to
    remote clients.

Detailed Description
    SELinux has preventing the samba daemon (smbd) from reading files on
the
    local system. If you have not exported these file systems, this
could
    signals an intrusion.

Allowing Access
    If you want to export file systems using samba you need to turn on
the
    samba_export_all_ro boolean: "setsebool -P samba_export_all_ro=1".

    The following command will allow this access:
    setsebool -P samba_export_all_ro=1

Additional Information        

Source Context                system_u:system_r:smbd_t:s0
Target Context                system_u:object_r:fusefs_t:s0
Target Objects                None [ dir ]
Affected RPM Packages         samba-3.0.28-0.fc8 [application]
Policy RPM                    selinux-policy-3.0.8-81.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.samba_export_all_ro
Host Name                     venus.popper.homeunix.com
Platform                      Linux venus.popper.homeunix.com
2.6.23.14-107.fc8
                              #1 SMP Mon Jan 14 21:37:30 EST 2008 i686
i686
Alert Count                   1
First Seen                    Fri 01 Feb 2008 11:34:17 AM CET
Last Seen                     Fri 01 Feb 2008 11:34:17 AM CET
Local ID                      6ed95377-42e5-4309-8a8d-fb1b5e06edee
Line Numbers                  

Raw Audit Messages            

avc: denied { read } for comm=smbd dev=sdd1 egid=99 euid=99
exe=/usr/sbin/smbd
exit=-13 fsgid=99 fsuid=99 gid=0 items=0 name=Documents pid=3363
scontext=system_u:system_r:smbd_t:s0 sgid=0
subj=system_u:system_r:smbd_t:s0
suid=0 tclass=dir tcontext=system_u:object_r:fusefs_t:s0 tty=(none)
uid=99

..........


sealert tell me to do:

setsebool -P samba_export_all_ro=1

but it is already done, and have no effect.


Henning Larsen 

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux