> From: Arthur Dent > Sent: 11 December 2011 13:49 > > Hello all, > > When I get a SEL alert it refers only to to the actual directory and > not the full pathname. For example: > > SELinux is preventing /usr/sbin/smbd from create access on the > directory 05. > > The advice for fixing this alert is probably useful but without knowing > the full path is actually completely useless: > > If you want to allow smbd to have create access on the 05 directory > Then you need to change the label on '05' > Do > # semanage fcontext -a -t samba_share_t '05' > # restorecon -v '05' > > The problem is - I don't know where directory "05" is. It's probably > some temporary cache file or some such and trying to even find its > parent directory with a name like "05" makes using 'locate' or 'find' > really quite hard work. > > In this case the alert(s) (there were several - each with a different > numerical directory name) were actually caused when I tried to sync my > iPhone using iTunes installed on a Windows XP virtual machine running > under VirtualBox on this Fedora 16 host, accessing the music library > via a Samba share on a separate partition on the Fedora 16 box.... > Yeah... I know.... > > But anyway - if I could find the full path of the directory in question > I *might* be able to take a closer look at where the problem lies... > > Thanks in advance for any help or suggestions. > > Mark If you get the device and inode from the the AVC message you can use find's -inum option to look for the inode number on the device's filesystem rather than -name. Moray. “To err is human; to purr, feline.” -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
