On 9/28/05, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> Tom Lisjac wrote:
> >On 9/27/05, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> >>Tom Lisjac wrote:
> >>>I'm trying to make samba shares available on a new FC4 server...
> >>>When I switched to enforcing, I couldn't connect... and there were no
> >>>new AVC's. Switching back to permissive worked.
> >I've been relabelling the public_html directories as
> >user_u:object_r:httpd_user_content_t so Apache won't complain... but I
> >can't see this directory in the mounted samba shares. Audit2allow
> >returns the following:
> >
> >allow smbd_t httpd_sys_content_t:dir getattr;
> >
> >Is my labelling for public_html correct... or is there another switch
> >I can throw to allow samba to read and write to this directory?
> >
> Try chcon -t public_content_rw_t public_html.
> (or ftpd_anon_rw_t if public_content_rw_t does not exist)
>
> Then setsebool -P allow_smbd_anon_write=1
>
> That should allow http to read and samba to write.

That fixed Samba so I could see public_html from the shares... but
Apache complained when trying to serve content:

allow httpd_t ftpd_anon_rw_t:dir getattr;

I got everything working for both Samba and Apache by turning on the
samba_enable_home_dirs boolean, per your suggestion, and adding the
following to local.te:

allow smbd_t httpd_sys_content_t:dir { add_name create getattr read remove_name rename rmdir search write };
allow smbd_t httpd_sys_content_t:file { create getattr lock read setattr unlink write };

I was hoping to make it work without the policy sources, but I can
live with this. Incidentally, audit2allow didn't add the curly braces
to the first line. Compilation failed until I put them in.

Thanks for your help... much appreciated!

-Tom

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list