Steve G wrote:
Hi,
This is a long standing problem that causes me to do "setenforce 0". I wished
there was a boolean to just turn of checking of samba or a streamlined way for
samba to relabel things on startup. In any event, I have a share, /src, which I
want to access across the network. It fails. This is what I see in the logs:
type=PATH msg=audit(12/23/2005 10:37:26.180:20524) : item=0
name=gtk+-2.8.9/gdk-pixbuf/pixops/pixops.c inode=1934832 dev=03:07 mode=dir,755
ouid=sgrubb ogid=sgrubb rdev=00:00 obj=user_u:object_r:user_home_t:s0
type=CWD msg=audit(12/23/2005 10:37:26.180:20524) : cwd=/src
type=SYSCALL msg=audit(12/23/2005 10:37:26.180:20524) : arch=x86_64 syscall=stat
success=no exit=-13(Permission denied) a0=7fffffe1c720 a1=7fffffe1b120
a2=7fffffe1b120 a3=7fffffe1aaec items=1 pid=23380 auid=root uid=nobody gid=root
euid=nobody suid=root fsuid=nobody egid=nobody sgid=nobody fsgid=nobody comm=smbd
exe=/usr/sbin/smbd subj=root:system_r:smbd_t:s0
type=AVC msg=audit(12/23/2005 10:37:26.180:20524) : avc: denied { search } for
pid=23380 comm=smbd name=gtk+-2.8.9 dev=hda7 ino=1934832
scontext=root:system_r:smbd_t:s0 tcontext=user_u:object_r:user_home_t:s0
tclass=dir
What is the correct solution for this?
-Steve
chcon -r -t samba_share_t /src
You can also use public_content_t if you want other sharing protocols
access to the files (http, ftp, rsync)
man samba_selinux
__________________________________
Yahoo! for Good - Make a difference this year.
http://brand.yahoo.com/cybergivingweek2005/
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
