On 10/01/2010 08:07 AM, Dominick Grift wrote:
> On Fri, Oct 01, 2010 at 07:30:38AM -0700, Dan Thurman wrote:
>> Below happened 224 times. How can I fix this?
>
> I do not think samba_share_t is a type usable for filesystems. What are
> you trying to do and did that type end up on a filesystem object?

I think this problem might be related to mount & /etc/fstab:

LABEL=Ap1WD1 /md/Ap1WD1 ntfs-3g context=system_u:object_r:samba_share_t:s0,defaults 0 0

As before I was able to do:

LABEL=Ap1WD1 /md/Ap1WD1 ntfs-3g context=system_u:object_r:samba_share_t:s0 0 0

Some recent release changed the mount/fstab command/file such that it would not allow a context-only definition in the mount options argument in fstab, which resulted in preventing ntfs filesystems from being mounted at boot time, spewing out "argument required" errors for each ntfs mount attempted from the /etc/fstab file.

Adding ',defaults' to the option along with the context argument worked, except that having the 'defaults' argument also means SELinux will attempt to verify/enforce SELinux context information within the NTFS filesystems (which makes no sense), causing AVC denials, or so I think.

This is probably a bug, IMO. I would like to know if anyone has already reported this issue to bugzilla, so that I can remove the ',defaults' entry from fstab for NTFS mounted filesystems.

===========================================================================

Summary:

SELinux is preventing /usr/sbin/smbd "quotaget" access .

Detailed Description:

SELinux denied access requested by smbd. It is not expected that this access is required by smbd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context                system_u:system_r:smbd_t:s0
Target Context                system_u:object_r:samba_share_t:s0
Target Objects                None [ filesystem ]
Source                        smbd
Source Path                   /usr/sbin/smbd
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           samba-3.5.5-68.fc13
Target RPM Packages
Policy RPM                    selinux-policy-3.7.19-57.fc13
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux host.domain.com 2.6.34.6-54.fc13.i686 #1 SMP Sun Sep 5 17:52:31 UTC 2010 i686 i686
Alert Count                   224
First Seen                    Thu 30 Sep 2010 11:32:04 AM PDT
Last Seen                     Thu 30 Sep 2010 09:18:41 PM PDT
Local ID                      01035ab1-2396-4e92-9b1e-09645d976534
Line Numbers

Raw Audit Messages

node=host.domain.com type=AVC msg=audit(1285906721.444:102672): avc: denied { quotaget } for pid=17451 comm="smbd" scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:samba_share_t:s0 tclass=filesystem

node=host.domain.com type=SYSCALL msg=audit(1285906721.444:102672): arch=40000003 syscall=131 success=no exit=-13 a0=80000701 a1=1282200 a2=1f5 a3=bfdb5d7c items=0 ppid=2144 pid=17451 auid=4294967295 uid=0 gid=0 euid=501 suid=501 fsuid=501 egid=501 sgid=501 fsgid=501 tty=(none) ses=4294967295 comm="smbd" exe="/usr/sbin/smbd" subj=system_u:system_r:smbd_t:s0 key=(null)

-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
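
As an added example (not part of the original message), this Python sketch pairs the AVC and SYSCALL records from the report by their audit serial number and decodes the quotactl(2) arguments, showing what smbd was actually asking the filesystem for. The function names are made up for illustration; the i386 syscall number and the Q_GETQUOTA value are taken from the Linux headers.

```python
import errno
import re
from collections import defaultdict

# The two raw audit records from the report above; they share one event serial.
SAMPLE = '''node=host.domain.com type=AVC msg=audit(1285906721.444:102672): avc: denied { quotaget } for pid=17451 comm="smbd" scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:samba_share_t:s0 tclass=filesystem
node=host.domain.com type=SYSCALL msg=audit(1285906721.444:102672): arch=40000003 syscall=131 success=no exit=-13 a0=80000701 a1=1282200 a2=1f5 a3=bfdb5d7c items=0 ppid=2144 pid=17451 auid=4294967295 uid=0 gid=0 euid=501 suid=501 fsuid=501 egid=501 sgid=501 fsgid=501 tty=(none) ses=4294967295 comm="smbd" exe="/usr/sbin/smbd" subj=system_u:system_r:smbd_t:s0 key=(null)'''

EVENT_RE = re.compile(r"type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)")
AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

Q_GETQUOTA = 0x800007                    # <linux/quota.h>
QUOTA_TYPES = {0: "user", 1: "group"}    # USRQUOTA, GRPQUOTA

def parse_events(text):
    """Group audit records by event serial so AVC and SYSCALL records line up."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        rtype, _timestamp, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in KV_RE.findall(body)}
        if rtype == "AVC":
            perms = AVC_RE.search(body)
            fields["perms"] = perms.group(1).split() if perms else []
        events[int(serial)][rtype] = fields
    return dict(events)

def describe(event):
    """Summarise one denial; decode quotactl(2) when the i386 syscall number matches."""
    avc, sc = event["AVC"], event.get("SYSCALL", {})
    out = {"source": avc["scontext"].split(":")[2],
           "target": avc["tcontext"].split(":")[2],
           "tclass": avc["tclass"], "perms": avc["perms"],
           "errno": errno.errorcode.get(-int(sc.get("exit", 0)))}
    # arch=40000003 is AUDIT_ARCH_I386, where syscall 131 is quotactl.
    if sc.get("arch") == "40000003" and sc.get("syscall") == "131":
        cmd = int(sc["a0"], 16)          # QCMD(cmd, type) = (cmd << 8) | type
        out["quotactl"] = {"get_quota": (cmd >> 8) == Q_GETQUOTA,
                           "quota_type": QUOTA_TYPES.get(cmd & 0xFF, "other"),
                           "id": int(sc["a2"], 16)}
    return out

if __name__ == "__main__":
    for serial, event in parse_events(SAMPLE).items():
        print(serial, describe(event))
```
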