Hello,
I have just installed FC4t2 on a new system with SELinux enabled. SAMBA complains with the following avc when trying to mount a shared resource named XEN whose path is /home/user:
audit(1114248344.419:0): avc: denied { search } for pid=3329 exe=/usr/sbin/smbd name=home dev=dm-0 ino=196609 scontext=root:system_r:smbd_t tcontext=system_u:object_r:home_root_t tclass=dir
audit(1114248344.425:0): avc: denied { search } for pid=3329 exe=/usr/sbin/smbd name=home dev=dm-0 ino=196609 scontext=root:system_r:smbd_t tcontext=system_u:object_r:home_root_t tclass=dir
# tail /etc/samba/smb.conf
[XEN]
comment = Data placeholder
path = /home/user
public = yes
browseable = yes
writable = yes# ls -ldZ /home drwxr-xr-x root root system_u:object_r:home_root_t /home
# grep smbd_t /etc/selinux/targeted/src/policy/policy.conf | head -1
allow smbd_t home_root_t:dir { read getattr lock search ioctl };So I don't understand what's going on: the policy explicitly allows domain smbd_t to perform search on home_root_t:dir and /home is already labeled home_root_t.
Any ideas?
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
