Folks,
I've updated a fileserver to FC4, and have a problem with the policy settings
for /home.
Under /home I have directories for:
- users home directories
- samba, also containing some windows user profiles
- the server's web hierachy (what RH likes to put in /var/www)
- general shared files (e.g. mp3s)
Under FC3 all I had to do to get everything working was to include a line
equivalent to that for /var/www, but for /web (why not /home/web ? because
/web is a softlink to /home web).
Now, it rejects /web, so I tried adding /home/web to apache.fc, but that has
no noticeable effect when I do "restorecon -R /home/web".
In addition, something is now preventing access to /home/samba/*, I think
because it's called from in home_root_t and the files there are in
user_home_t. See below for the log messages.
Can anyone help me with pointers out of this mess?
Thanks,
Ruth
Jul 14 14:07:49 filestore kernel: [4379544.608000] audit(1121346469.104:0):
avc: denied { getattr } for path=/home dev=md2 ino=2
scontext=system_u:system_r:smbd_t tcontext=system_u:object_r:home_root_t
tclass=dir
Jul 14 14:07:49 filestore kernel: [4379544.608000]
audit(1121346469.104:0): avc: denied { read } for name=/ dev=md2 ino=2
scontext=system_u:system_r:smbd_t tcontext=system_u:object_r:home_root_t
tclass=dir
Jul 14 14:07:49 filestore kernel: [4379544.609000] audit(1121346469.105:0):
avc: denied { getattr } for path=/home/rivimey/.kde dev=md2 ino=6508546
scontext=system_u:system_r:smbd_t tcontext=user_u:object_r:user_home_t
tclass=dir
Jul 14 14:07:49 filestore kernel: [4379544.609000] audit(1121346469.105:0):
avc: denied { getattr } for path=/home/rivimey/.ICEauthority dev=md2
ino=6508597 scontext=system_u:system_r:smbd_t
tcontext=user_u:object_r:user_home_t tclass=file
--
Ruth Ivimey-Cook
Software engineer and technical writer.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
