Re: Selinux breaks samba with no AVC's...


 



Tom Lisjac wrote:

On 9/27/05, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
Tom Lisjac wrote:

I'm trying to make samba shares available on a new FC4 server...
When I switched to enforcing, I couldn't connect... and there were no
new AVC's. Switching back to permissive worked.

Try out the booleans

setsebool -P samba_enable_home_dirs=1

# getsebool -a | grep samba
samba_enable_home_dirs --> inactive
use_samba_home_dirs --> inactive
# getsebool -a | grep smb
allow_smbd_anon_write --> inactive
smbd_disable_trans --> inactive

That fixed it! Setting samba_enable_home_dirs and use_samba_home_dirs
to active restored access and allowed me to remove all but one of the
lines I added to local.te.

I've been relabelling the public_html directories as
user_u:object_r:httpd_user_content_t so Apache won't complain... but I
can't see this directory in the mounted samba shares. Audit2allow
returns the following:

allow smbd_t httpd_sys_content_t:dir getattr;

Is my labelling for public_html correct... or is there another switch
I can throw to allow samba to read and write to this directory?

-Tom

Try chcon -t public_content_rw_t public_html.
(or ftpd_anon_rw_t if  public_content_rw_t does not exist)

Then setsebool -P allow_smbd_anon_write=1

That should allow http to read and samba to write.
(Also

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

