On Fri, 2010-07-23 at 08:14 -0700, Kloc, Alisha wrote: > Hi, > > Due to change management, for the moment at least we're stuck with RHEL 5.2. However, I get the exact same errors when using the version of Samba (3.0.28) included with RHEL 5.2, so I doubt it's a version incompatibility. > > It seems as if SELinux has got the idea that Samba-related anything is illegal and should be blocked, but there's no way to tell it otherwise, since the Boolean switches, restorecon, and relabeling don't work. > > How can I fix SELinux so it stops blocking all Samba-related files, daemons, and pipes? Generate a local policy module via audit2allow and insert it using semodule. > Regarding looking over the release notes, I haven't been able to find any SELinux release notes, new policy releases/updates, or really anything centralized regarding SELinux. The NSA page is no longer being updated, and it links to a Fedora Core web page which has some information, but no downloadable updates or policies that I can find. The Fedora Core page links to dozens of other apparently unofficial, or at least non-SELinux-branded, sites, which offer lots of secondary tools for SELinux but no actual policies or updates. Red Hat's support website has a single SELinux howto document written for RHEL4, and no policies or updates, and I haven't been able to find anyplace else that offers new/updated SELinux policies for download (except the occasional unofficial link on mailing list archives or Bugzilla, neither of which sources is approved by change management). > > Does an official SELinux updates/policy page exist at all? If so, where can I find it? Updates/policy generally comes from your distributor, unless you want to build a custom system. While you can directly download and use the upstream reference policy if you so choose, doing so requires a moderate amount of expertise and isn't generally necessary. Fedora has its own SELinux FAQ, User Guide, and Managing Confined Services Guide available from docs.fedoraproject.org. selinuxproject.org is a community-maintained wiki. -- Stephen Smalley National Security Agency -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
