Re: [unclassified] Re: Problem getting samba share running

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

>On Thu, 2007-11-15 at 10:49 -0800, Knute Johnson wrote:
>> >On Wed, 2007-11-14 at 19:32 -0800, Knute Johnson wrote:
>> >> No matter what I try, I keep getting a selinux error when I create a 
>> >> share in my home directory.  I've enabled home directories and set  
>> >> read/write in the booleans, I've set the directory to rw for all 
>> >> users, and I've tried several different contexts, samba_share_t, 
>> >> public_content_rw_t and at least one other with the same results.  
>> >> Here is the message I get:
>> >> 
>> >> avc: denied { read } for comm=nmbd dev=inotifyfs path=inotify 
>> >> pid=3296 scontext=system_u:system_r:nmbd_t:s0 tclass=dir  
>> >> tcontext=system_u:object_r:inotifyfs_t:s0
>> >> 
>> >> I've looked at the tutorials and they all apparently lack some vital  
>> >> information that 'every body knows' except me :-).  
>> >> 
>> >> Any help would be appreciated.
>> >
>> >inotifyfs is a pseudo filesystem for the kernel's inotify API
>> >(monitoring file system events).  You can allow it via a local policy
>> >module using audit2allow until it gets added to the default policy.
>> >
>> >-- 
>> >Stephen Smalley
>> >National Security Agency
>> 
>> Stephen:
>> 
>> Thanks for your response.  I need a little more help.  I managed to 
>> create the local.te file but I can't make/reload/ or load it.  The 
>> help files I found searching about say I need package selinux-policy-
>> targeted-sources.  There doesn't seem to be one of those packages for 
>> F8.  Where do I go from here?
>
>The -sources package was only for Fedora <= 4 and RHEL4; Fedora >= 5 and
>RHEL5 have loadable policy modules - no need to install or build the
>full policy sources anymore.
>
>You can compile that local.te file manually with checkmodule, package it
>with semodule_package, and install it with semodule, but the easier way
>to do things is:
># audit2allow -M local < /var/log/audit/audit.log (or /var/log/messages
>or wherever that avc message appears)
># semodule -i local.pp

Thanks very much Stephen.  That worked great to get rid of that 
wrinkle.

-- 
Knute Johnson
Molon Labe...


--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux