Hi, Could you attach raw SELinux denials? By reproducing the issue and then run: # ausearch -m AVC -ts today First rule: allow smbd_t automount_tmp_t:dir getattr; is dontaudited and second: allow smbd_t self:capability2 block_suspend; is kernel issue. Do you have any issue with samba or you just see this in audit log? Lukas On 03/28/2018 01:44 PM, lejeczek wrote: > hi guys > > any boolean that would cover this: > > #============= smbd_t ============== > > #!!!! The file '/__.aNetStorage' is mislabeled on your system. > #!!!! Fix with $ restorecon -R -v /__.aNetStorage > #!!!! This avc can be allowed using one of the these booleans: > #???????? samba_export_all_ro, samba_export_all_rw > allow smbd_t automount_tmp_t:dir getattr; > allow smbd_t self:capability2 block_suspend; > > above(silent denials) happens when samba's share path is an autofs nfs > ver=4 mount. > If no boolean then it would be great to have one(or few) if safe. > > many thanks, L. > _______________________________________________ > selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx -- Lukas Vrabec Software Engineer, Security Technologies Red Hat, Inc.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
