On 08/13/2009 04:50 PM, Paul Howarth wrote:
> On Thu, 13 Aug 2009 13:03:41 -0700 (PDT)
> Vadym Chepkov <chepkov@xxxxxxxxx> wrote:
>
>> Hi,
>>
>> Each time anybody tries to access a samba share I get denials like
>> this:
>>
>> type=AVC msg=audit(1250191256.756:26956): avc: denied { getattr }
>> for pid=20508 comm="smbd" path="/var/www" dev=dm-5 ino=2
>> scontext=system_u:system_r:smbd_t:s0
>> tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
>>
>> type=AVC msg=audit(1250191256.756:26955): avc: denied { getattr }
>> for pid=20508 comm="smbd" path="/var/mysql" dev=dm-4 ino=2
>> scontext=system_u:system_r:smbd_t:s0
>> tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir
>>
>> I am not sure why samba is trying to access these directories, it's no
>> one's home, just a mount point. dovecot generates the same AVCs, but
>> only when it starts. What is the best way to suppress these? Thanks.
>
> I've been getting these for years too! Well, I've had these in local
> policy for several releases:
>
> # Samba needs to be able to access stuff under /srv
> allow smbd_t var_t:dir getattr;
>
> # F11 noise reduction
> dontaudit smbd_t lost_found_t:dir { getattr read };
> dontaudit smbd_t squid_cache_t:dir getattr;
> dontaudit smbd_t mysqld_db_t:dir getattr;
>
> Paul.
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Are these mountpoints on your system?
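
The local-policy approach discussed in the thread, as an added example that is not part of the original messages: a small Python parser that reads AVC denial records and emits `dontaudit` rules only for denials whose sole permission is `getattr`, leaving anything broader for manual review. The function names, the `NOISE_PERMS` setting and the sample log (constructed from the two denials quoted above, joined onto single lines) are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample input: the two denials quoted in the thread, one record per line.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1250191256.756:26956): avc: denied { getattr } for pid=20508 comm="smbd" path="/var/www" dev=dm-5 ino=2 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1250191256.756:26955): avc: denied { getattr } for pid=20508 comm="smbd" path="/var/mysql" dev=dm-4 ino=2 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
NOISE_PERMS = {"getattr"}  # assumption: only bare stat()-style probes count as noise


def parse_avc(line):
    """Return (source_type, target_type, tclass, perms), or None if not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    perms = set(m.group(1).split())
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(2)))
    try:
        # A context is user:role:type[:level]; the type is the third field.
        stype = fields["scontext"].split(":")[2]
        ttype = fields["tcontext"].split(":")[2]
        return stype, ttype, fields["tclass"], perms
    except (KeyError, IndexError):
        return None


def dontaudit_rules(log_text):
    """Return (rules, skipped): rules for getattr-only denials, the rest untouched."""
    merged, skipped = defaultdict(set), []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        stype, ttype, tclass, perms = rec
        if perms and perms <= NOISE_PERMS:
            merged[(stype, ttype, tclass)] |= perms
        else:
            skipped.append(line)  # more than getattr was denied: needs a human decision
    rules = []
    for (s, t, c), p in sorted(merged.items()):
        perm = next(iter(p)) if len(p) == 1 else "{ " + " ".join(sorted(p)) + " }"
        rules.append(f"dontaudit {s} {t}:{c} {perm};")
    return rules, skipped


if __name__ == "__main__":
    for rule in dontaudit_rules(SAMPLE_AUDIT_LOG)[0]:
        print(rule)
```

Because `dontaudit` hides matching denials from the audit log, the filter is kept narrow on purpose: a denial for `read` or `write` on the same directory still ends up in `skipped` instead of being silenced.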