Re: setsebool ok & smb denied

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Laurent Jacquot wrote:
> Hello,
> on my F8 up2date, SMB is denied read access to user_iceauth_home_t
> context even if I have:
> 
> 
> [root@jack ~]# getsebool -a |grep samba
> samba_domain_controller --> off
> samba_enable_home_dirs --> on
> samba_export_all_ro --> off
> samba_export_all_rw --> off
> samba_run_unconfined --> on
> samba_share_nfs --> off
> use_samba_home_dirs --> on
> 
> Should I bugzilla it? and also dontaudit, allow or deny?
> 
> 
> Résumé:
> 
> SELinux is preventing the samba daemon from reading users' home
> directories.
> 
> Description détaillée:
> 
> SELinux has denied the samba daemon access to users' home directories.
> Someone
> is attempting to access your home directories via your samba daemon. If
> you only
> setup samba to share non-home directories, this probably signals a
> intrusion
> attempt. For more information on SELinux integration with samba, look at
> the
> samba_selinux man page. (man samba_selinux)
> 
> Autoriser l'accès:
> 
> Si vous souhaitez que samba partage des répertoires personnels vous
> devez
> activer le booléen samba_enable_home_dirs : "setsebool -P
> samba_enable_home_dirs=1"
> 
> La commande suivante autorisera cet accès :
> 
> setsebool -P samba_enable_home_dirs=1
> 
> Informations complémentaires:
> 
> Contexte source               system_u:system_r:smbd_t:s0
> Contexte cible                system_u:object_r:user_iceauth_home_t:s0
> Objets du contexte            /home/alex/.ICEauthority [ file ]
> Source                        smbd
> Source Path                   /usr/sbin/smbd
> Port                          <Inconnu>
> Host                          jack.lutty.net
> Source RPM Packages           samba-3.0.28a-0.fc8
> Target RPM Packages           
> Politique RPM                 selinux-policy-3.0.8-95.fc8
> Selinux activé               True
> Type de politique             targeted
> MLS activé                   True
> Mode strict                   Enforcing
> Nom du plugin                 samba_enable_home_dirs
> Nom de l'hôte                jack.lutty.net
> Plateforme                    Linux jack.lutty.net 2.6.24.4-64.fc8 #1
> SMP Sat
>                               Mar 29 09:54:46 EDT 2008 i686 i686
> Compteur d'alertes            28
> First Seen                    ven 04 avr 2008 23:16:29 CEST
> Last Seen                     mer 09 avr 2008 16:34:17 CEST
> Local ID                      d2ee22f9-866b-4305-94c8-a029aee20c19
> Numéros des lignes           
> 
> Messages d'audit bruts        
> 
> host=jack.lutty.net type=AVC msg=audit(1207751657.63:1353): avc:  denied
> { getattr } for  pid=32716 comm="smbd" path="/home/alex/.ICEauthority"
> dev=dm-11 ino=850503 scontext=system_u:system_r:smbd_t:s0
> tcontext=system_u:object_r:user_iceauth_home_t:s0 tclass=file
> 
> host=jack.lutty.net type=SYSCALL msg=audit(1207751657.63:1353):
> arch=40000003 syscall=195 success=no exit=-13 a0=bfc33194 a1=bfc32914
> a2=4c5ff4 a3=bfc32914 items=0 ppid=3346 pid=32716 auid=4294967295
> uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=500 sgid=0 fsgid=500
> tty=(none) comm="smbd" exe="/usr/sbin/smbd"
> subj=system_u:system_r:smbd_t:s0 key=(null)
> 
> jk
> 
> 
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
bugzilla.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkf+chAACgkQrlYvE4MpobM1QACg2j5hJ4jTFDWtlesuhBSTtDui
phwAnRcmyRf9YE767ud+uknxRI2TvEXa
=3TfP
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux