Hey all... not exactly an SELinux veteran, but am trying to work through some issues. Specifically, setting up a simple Samba configuration on a CentOS 5 machine.

Determined I needed to do

    setsebool -P samba_enable_home_dirs 1

In order to get access to home directory shares working correctly. Fine; this is documented in samba_selinux(8).

However, I still see the following in my /var/log/audit/audit.log file:

    type=AVC msg=audit(1200895451.310:1231): avc: denied { rename } for pid=24854 comm="smbd" name="smbd.log" dev=dm-0 ino=14254108 scontext=user_u:system_r:smbd_t:s0 tcontext=user_u:object_r:samba_log_t:s0 tclass=file
    type=SYSCALL msg=audit(1200895451.310:1231): arch=40000003 syscall=38 success=no exit=-13 a0=6155e0 a1=bfb8bf08 a2=60da4c a3=bfb8bf08 items=0 ppid=24848 pid=24854 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="smbd" exe="/usr/sbin/smbd" subj=user_u:system_r:smbd_t:s0 key=(null)

audit2allow suggests I create policy as follows:

    allow smbd_t samba_log_t:file rename;

To resolve the problem. I decided to just do:

    setsebool -P smbd_disable_trans 1

And this cleared up the errors.

Anyways, is this a bug? Seems like policy should allow smbd to work with its own logfiles.... Can file upstream if necessary, but starting here.

Ray
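
An added example, not part of the original post and not audit2allow's own code: a small Python sketch of how an AVC denial record maps to the type-enforcement rule quoted above, which shows that the denial covers a single permission on a single type pair. The function names are hypothetical; the sample input is the AVC record from the post.

```python
import re
from collections import defaultdict

# AVC record quoted in the post; the paired SYSCALL record is not needed here.
SAMPLE_LOG = (
    'type=AVC msg=audit(1200895451.310:1231): avc: denied { rename } for '
    'pid=24854 comm="smbd" name="smbd.log" dev=dm-0 ino=14254108 '
    'scontext=user_u:system_r:smbd_t:s0 '
    'tcontext=user_u:object_r:samba_log_t:s0 tclass=file\n'
)

# Captures the denied permissions, both security contexts and the object class.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    parts = context.split(':')
    if len(parts) < 3:
        raise ValueError('malformed SELinux context: %r' % context)
    return parts[2]

def denials_to_rules(log_text):
    """Collapse AVC denials into one allow rule per (source, target, class)."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if 'type=AVC' not in line or not m:
            continue  # skip SYSCALL and other record types
        key = (selinux_type(m.group('scon')), selinux_type(m.group('tcon')),
               m.group('tclass'))
        grouped[key].update(m.group('perms').split())
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        plist = sorted(perms)
        text = plist[0] if len(plist) == 1 else '{ ' + ' '.join(plist) + ' }'
        rules.append('allow %s %s:%s %s;' % (src, tgt, cls, text))
    return rules

if __name__ == '__main__':
    for rule in denials_to_rules(SAMPLE_LOG):
        print(rule)
```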