On Fri, 2008-02-01 at 10:36 +1030, Tim wrote: >What you allowed, I don't know. You didn't post that data. > >Reading the man file for semodule shows a "-r" remove module option. >Give that a try. >e.g. semodule -r mysamba.pp semodule -r mysamba That removed it I got the alert back, here it is: ................ Summary SELinux is preventing the samba daemon from serving r/o local files to remote clients. Detailed Description SELinux has preventing the samba daemon (smbd) from reading files on the local system. If you have not exported these file systems, this could signals an intrusion. Allowing Access If you want to export file systems using samba you need to turn on the samba_export_all_ro boolean: "setsebool -P samba_export_all_ro=1". The following command will allow this access: setsebool -P samba_export_all_ro=1 Additional Information Source Context system_u:system_r:smbd_t:s0 Target Context system_u:object_r:fusefs_t:s0 Target Objects None [ dir ] Affected RPM Packages samba-3.0.28-0.fc8 [application] Policy RPM selinux-policy-3.0.8-81.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.samba_export_all_ro Host Name venus.popper.homeunix.com Platform Linux venus.popper.homeunix.com 2.6.23.14-107.fc8 #1 SMP Mon Jan 14 21:37:30 EST 2008 i686 i686 Alert Count 1 First Seen Fri 01 Feb 2008 11:34:17 AM CET Last Seen Fri 01 Feb 2008 11:34:17 AM CET Local ID 6ed95377-42e5-4309-8a8d-fb1b5e06edee Line Numbers Raw Audit Messages avc: denied { read } for comm=smbd dev=sdd1 egid=99 euid=99 exe=/usr/sbin/smbd exit=-13 fsgid=99 fsuid=99 gid=0 items=0 name=Documents pid=3363 scontext=system_u:system_r:smbd_t:s0 sgid=0 subj=system_u:system_r:smbd_t:s0 suid=0 tclass=dir tcontext=system_u:object_r:fusefs_t:s0 tty=(none) uid=99 .......... sealert tell me to do: setsebool -P samba_export_all_ro=1 but it is already done, and have no effect. Henning Larsen -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list