>> From: Arthur Dent >> Sent: 11 December 2011 13:49 >> >> Hello all, >> >> When I get a SEL alert it refers only to to the actual directory and >> not the full pathname. For example: >> >> SELinux is preventing /usr/sbin/smbd from create access on the >> directory 05. >> >> The advice for fixing this alert is probably useful but without knowing >> the full path is actually completely useless: >> >> If you want to allow smbd to have create access on the 05 directory >> Then you need to change the label on '05' >> Do >> # semanage fcontext -a -t samba_share_t '05' >> # restorecon -v '05' >> >> The problem is - I don't know where directory "05" is. It's probably >> some temporary cache file or some such and trying to even find its >> parent directory with a name like "05" makes using 'locate' or 'find' >> really quite hard work. >> >> In this case the alert(s) (there were several - each with a different >> numerical directory name) were actually caused when I tried to sync my >> iPhone using iTunes installed on a Windows XP virtual machine running >> under VirtualBox on this Fedora 16 host, accessing the music library >> via a Samba share on a separate partition on the Fedora 16 box.... >> Yeah... I know.... >> >> But anyway - if I could find the full path of the directory in question >> I *might* be able to take a closer look at where the problem lies... >> >> Thanks in advance for any help or suggestions. >> >> Mark > > If you get the device and inode from the the AVC message you can use > find's -inum option to look for the inode number on the device's > filesystem rather than -name. > Ha! That looks useful. I can't try it at the moment because, although I can ssh into that machine from work - I can't reproduce the event from the command line. I will try as soon as I can... Thanks again... Mark -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
