Thanks for the tremendous feedback so far, I appreciate it! I hope
this is not bad form, but I would like to answer my own question, but
then I have more questions. The error below shows that Samba SMB
service could not access 'home' which turns out to be /home.
System #ls -ldZ /home
drwxr-xr-x root root system_u:object_r:home_root_t /home
For some reason smbd_t cannot access home_root_t. So I did a chcon
on /home which fixed the problem. My question is, by fixing the error
have I made Samba more insecure, was this a bug, is there something I
could do instead?
chcon system_u:object_r:user_home_dir_t /home
Thanks!
lance
type=AVC msg=audit(1199209100.230:984): avc: denied { read } for
pid=26929 comm="smbd" name="home" dev=sdb1 ino=92504065
scontext=user_u:system_r:smbd_t:s0
tcontext=system_u:object_r:home_root_t:s0 tclass=dir
type=SYSCALL msg=audit(1199209100.230:984): arch=40000003 syscall=5
success=no exit=-13 a0=93f9288 a1=18800 a2=bf85dccc a3=93f9268
items=0 ppid=22310 pid=26929 auid=500 uid=500 gid=0 euid=500 suid=0
fsuid=500 egid=500 sgid=0 fsgid=500 tty=(none) comm="smbd" exe="/usr/
sbin/smbd" subj=user_u:system_r:smbd_t:s0 key=(null)
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
