Re: F13: SELinux is preventing /usr/sbin/smbd "quotaget" access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, Oct 01, 2010 at 07:30:38AM -0700, Dan Thurman wrote:
> 
> Below happened 224 times.
> 
> How can I fix this?

I do not think samba_share_t is a type usable for filesystems. What are you trying to do and did that type end up on a filesystem object?

> 
> ===========================================================================
> Summary:
> 
> SELinux is preventing /usr/sbin/smbd "quotaget" access .
> 
> Detailed Description:
> 
> SELinux denied access requested by smbd. It is not expected that this
> access is
> required by smbd and this access may signal an intrusion attempt. It is also
> possible that the specific version or configuration of the application is
> causing it to require additional access.
> 
> Allowing Access:
> 
> You can generate a local policy module to allow this access - see FAQ
> (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
> report.
> 
> Additional Information:
> 
> Source Context                system_u:system_r:smbd_t:s0
> Target Context                system_u:object_r:samba_share_t:s0
> Target Objects                None [ filesystem ]
> Source                        smbd
> Source Path                   /usr/sbin/smbd
> Port                          <Unknown>
> Host                          (removed)
> Source RPM Packages           samba-3.5.5-68.fc13
> Target RPM Packages
> Policy RPM                    selinux-policy-3.7.19-57.fc13
> Selinux Enabled               True
> Policy Type                   targeted
> Enforcing Mode                Enforcing
> Plugin Name                   catchall
> Host Name                     (removed)
> Platform                      Linux host.domain.com
> 2.6.34.6-54.fc13.i686 #1 SMP
>                               Sun Sep 5 17:52:31 UTC 2010 i686 i686
> Alert Count                   224
> First Seen                    Thu 30 Sep 2010 11:32:04 AM PDT
> Last Seen                     Thu 30 Sep 2010 09:18:41 PM PDT
> Local ID                      01035ab1-2396-4e92-9b1e-09645d976534
> Line Numbers
> 
> Raw Audit Messages
> 
> node=host.domain.com type=AVC msg=audit(1285906721.444:102672): avc:
> denied  { quotaget } for  pid=17451 comm="smbd"
> scontext=system_u:system_r:smbd_t:s0
> tcontext=system_u:object_r:samba_share_t:s0 tclass=filesystem
> 
> node=host.domain.com type=SYSCALL msg=audit(1285906721.444:102672):
> arch=40000003 syscall=131 success=no exit=-13 a0=80000701 a1=1282200
> a2=1f5 a3=bfdb5d7c items=0 ppid=2144 pid=17451 auid=4294967295 uid=0
> gid=0 euid=501 suid=501 fsuid=501 egid=501 sgid=501 fsgid=501 tty=(none)
> ses=4294967295 comm="smbd" exe="/usr/sbin/smbd"
> subj=system_u:system_r:smbd_t:s0 key=(null)
> 
> 
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux

Attachment: pgp7Y0hiHjfUp.pgp
Description: PGP signature

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux