On 11/09/2016 07:27 PM, lejeczek wrote:
Hi everyone,

I'm seeing there are some issues when one wants ctdb to control Samba. Do we have booleans, or maybe somebody has a complete set of rules? I see (at least):

#============= ctdbd_t ==============
allow ctdbd_t cupsd_etc_t:dir getattr;

#!!!! This avc is allowed in the current policy
allow ctdbd_t kernel_t:system module_request;
allow ctdbd_t kmsg_device_t:chr_file { write open };
allow ctdbd_t samba_etc_t:lnk_file read;
allow ctdbd_t samba_spool_t:dir { getattr search };

#============= samba_net_t ==============
allow samba_net_t fusefs_t:file { read getattr open };
allow samba_net_t samba_etc_t:lnk_file read;

#============= smbd_t ==============

#!!!! This avc is allowed in the current policy
allow smbd_t cupsd_etc_t:dir { write create add_name };

#!!!! This avc is allowed in the current policy
allow smbd_t samba_etc_t:lnk_file read;

and I worry I am not missing some boolean.

thx.
L.

_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx

Hi,

Could you describe what you are doing when you catch these AVCs? Could you also attach the raw AVC msgs (/var/log/audit/audit.log)? What distro and version are you using?

Thanks,
Lukas.

--
Lukas Vrabec
SELinux Solutions
Red Hat, Inc.