SELinux issue

Hey all... not exactly an SELinux veteran, but am trying to work
through some issues.

Specifically, setting up a simple Samba configuration on a CentOS 5
machine.  Determined I needed to do 

  setsebool -P samba_enable_home_dirs 1
 
In order to get access to home directory shares working correctly.
Fine; this is documented in samba_selinux(8).

However, I still see the following in my /var/log/audit/audit.log file:

  type=AVC msg=audit(1200895451.310:1231): avc:  denied  { rename } for  pid=24854 comm="smbd" name="smbd.log" dev=dm-0 ino=14254108 scontext=user_u:system_r:smbd_t:s0 tcontext=user_u:object_r:samba_log_t:s0 tclass=file
  type=SYSCALL msg=audit(1200895451.310:1231): arch=40000003 syscall=38 success=no exit=-13 a0=6155e0 a1=bfb8bf08 a2=60da4c a3=bfb8bf08 items=0 ppid=24848 pid=24854 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="smbd" exe="/usr/sbin/smbd" subj=user_u:system_r:smbd_t:s0 key=(null)

audit2allow suggests I create policy as follows:

  allow smbd_t samba_log_t:file rename;

To resolve the problem.  I decided to just do:

  setsebool -P smbd_disable_trans 1

And this cleared up the errors.

Anyways, is this a bug?  Seems like policy should allow smbd to work
with its own logfiles....

Can file upstream if necessary, but starting here.

Ray
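
The following is an added example, not part of the original post: a small Python parser that reads the AVC record quoted above and derives the same type-enforcement rule that audit2allow suggested, so the fields that drive the rule (source type, target type, object class, permission) are visible. The function names are hypothetical and the sample line is the one from the post; the script only renders the rule and does not load any policy.

```python
import re

# AVC record copied from the post above, used as sample input.
SAMPLE_AVC = (
    'type=AVC msg=audit(1200895451.310:1231): avc:  denied  { rename } for  '
    'pid=24854 comm="smbd" name="smbd.log" dev=dm-0 ino=14254108 '
    'scontext=user_u:system_r:smbd_t:s0 '
    'tcontext=user_u:object_r:samba_log_t:s0 tclass=file'
)

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict describing one AVC record, or None if the line is not one."""
    if not line.startswith('type=AVC'):
        return None
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(3))}
    # A context is user:role:type[:level]; the type is the third field.
    return {
        'result': m.group(1),
        'perms': m.group(2).split(),
        'comm': fields.get('comm'),
        'source_type': fields['scontext'].split(':')[2],
        'target_type': fields['tcontext'].split(':')[2],
        'tclass': fields['tclass'],
    }

def allow_rule(avc):
    """Render the type-enforcement rule that would permit a denied access."""
    perms = avc['perms']
    perm_text = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return 'allow {source_type} {target_type}:{tclass} {p};'.format(p=perm_text, **avc)

def rules_from_log(lines):
    """Collect de-duplicated allow rules for every denial in an audit log."""
    rules = []
    for line in lines:
        avc = parse_avc(line.strip())
        if avc and avc['result'] == 'denied' and allow_rule(avc) not in rules:
            rules.append(allow_rule(avc))
    return rules

if __name__ == '__main__':
    print('\n'.join(rules_from_log([SAMPLE_AVC])))
```

The paired type=SYSCALL record is skipped by `parse_avc`, since only the AVC line carries the permission and the two contexts.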