On 9/27/05, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > Tom Lisjac wrote: > > >I'm trying to make samba shares available on a new FC4 server... > >When I switched to enforcing, I couldn't connect... and there were no > >new AVC's. Switching back to permissive worked. > Try out the booleans > > setsebool -P samba_enable_home_dirs=1 > > # getsebool -a | grep samba > samba_enable_home_dirs --> inactive > use_samba_home_dirs --> inactive > # getsebool -a | grep smb > allow_smbd_anon_write --> inactive > smbd_disable_trans --> inactive That fixed it! Setting samba_enable_home_dirs and use_samba_home_dirs to active restored access and allowed me to remove all but one of the lines I added to local.te. I've been relabelling the public_html directories as user_u:object_r:httpd_user_content_t so Apache won't complain... but I can't see this directory in the mounted samba shares. Audit2allow returns the following: allow smbd_t httpd_sys_content_t:dir getattr; Is my labelling for public_html correct... or is there another switch I can throw to allow samba to read and write to this directory? -Tom -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
