Re: samba and system users home

On 08/13/2009 04:50 PM, Paul Howarth wrote:
> On Thu, 13 Aug 2009 13:03:41 -0700 (PDT)
> Vadym Chepkov <chepkov@xxxxxxxxx> wrote:
> 
>> Hi,
>>
>> Each time anybody tries to access a samba share I get denials like
>> this:
>>
>> type=AVC msg=audit(1250191256.756:26956): avc:  denied  { getattr }
>> for  pid=20508 comm="smbd" path="/var/www" dev=dm-5 ino=2
>> scontext=system_u:system_r:smbd_t:s0
>> tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
>>
>> type=AVC msg=audit(1250191256.756:26955): avc:  denied  { getattr }
>> for  pid=20508 comm="smbd" path="/var/mysql" dev=dm-4 ino=2
>> scontext=system_u:system_r:smbd_t:s0
>> tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir
>>
>> I am not sure why samba is trying to access these directories, it's no
>> one's home, just a mount point. dovecot generates the same AVCs, but
>> only when it starts. What is the best way to suppress these? Thanks.
> 
> I've been getting these for years too! Well, I've had these in local
> policy for several releases:
> 
> # Samba needs to be able to access stuff under /srv
> allow smbd_t var_t:dir getattr;
> 
> # F11 noise reduction
> dontaudit smbd_t lost_found_t:dir { getattr read };
> dontaudit smbd_t squid_cache_t:dir getattr;
> dontaudit smbd_t mysqld_db_t:dir getattr;
> 
> Paul.
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Are these mountpoints on your system?

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
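
An added example, not part of either post: a small Python script that groups AVC denials like the ones quoted above by source type, target type and class, and proposes `dontaudit` rules only for `getattr` on directories, leaving every other permission for manual review. The function names `parse_avc` and `suggest_rules` are hypothetical, the sample records are joined onto single lines, and the third record is constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed input: the two AVC records from the thread, each on one line,
# plus a made-up third record (read) to show what is NOT silenced.
SAMPLE = """\
type=AVC msg=audit(1250191256.756:26956): avc:  denied  { getattr } for  pid=20508 comm="smbd" path="/var/www" dev=dm-5 ino=2 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1250191256.756:26955): avc:  denied  { getattr } for  pid=20508 comm="smbd" path="/var/mysql" dev=dm-4 ino=2 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir
type=AVC msg=audit(1250191300.000:27001): avc:  denied  { read } for  pid=20508 comm="smbd" name="mysql" dev=dm-4 ino=2 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def setype(context):
    """Extract the type field from a user:role:type[:level] context."""
    return context.split(":")[2]

def parse_avc(text):
    """Return {(source_type, target_type, tclass): set_of_denied_perms}."""
    denials = defaultdict(set)
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if m:
            key = (setype(m["scon"]), setype(m["tcon"]), m["tclass"])
            denials[key].update(m["perms"].split())
    return dict(denials)

def suggest_rules(denials):
    """Split denials into dontaudit candidates and items needing review.

    Assumption of this example: only getattr on a directory (the mount-point
    stat seen in the thread) is treated as noise; nothing is ever allowed.
    """
    rules, review = [], []
    for (src, tgt, tclass), perms in sorted(denials.items()):
        if tclass == "dir" and "getattr" in perms:
            rules.append(f"dontaudit {src} {tgt}:dir getattr;")
            perms = perms - {"getattr"}
        if perms:
            review.append(f"{src} -> {tgt}:{tclass} {{ {' '.join(sorted(perms))} }}")
    return rules, review

if __name__ == "__main__":
    rules, review = suggest_rules(parse_avc(SAMPLE))
    print("\n".join(rules))
    print("needs review:", review)
```
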
