avc: denied { search } for smbd
Felipe Alfaro Solana
lkml at mac.com
Sat Apr 23 09:32:03 UTC 2005
Hello,

I have just installed FC4t2 on a new system with SELinux enabled. SAMBA
complains with the following avc when trying to mount a shared resource
named XEN whose path is /home/user:

audit(1114248344.419:0): avc: denied { search } for pid=3329
exe=/usr/sbin/smbd name=home dev=dm-0 ino=196609
scontext=root:system_r:smbd_t tcontext=system_u:object_r:home_root_t
tclass=dir
audit(1114248344.425:0): avc: denied { search } for pid=3329
exe=/usr/sbin/smbd name=home dev=dm-0 ino=196609
scontext=root:system_r:smbd_t tcontext=system_u:object_r:home_root_t
tclass=dir

# tail /etc/samba/smb.conf
[XEN]
comment = Data placeholder
path = /home/user
public = yes
browseable = yes
writable = yes

# ls -ldZ /home
drwxr-xr-x root root system_u:object_r:home_root_t /home

# grep smbd_t /etc/selinux/targeted/src/policy/policy.conf | head -1
allow smbd_t home_root_t:dir { read getattr lock search ioctl };

So I don't understand what's going on: the policy explicitly allows
domain smbd_t to perform search on home_root_t:dir and /home is already
labeled home_root_t.

Any ideas?
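
Added example, not part of the original post: a grep of policy.conf shows that an allow rule exists in the policy source but not whether it sits inside a conditional block, where it only applies while the boolean expression is true. The sketch below parses the denial from the message and reports each matching allow rule together with its enclosing condition; the policy fragment and the boolean name example_bool are constructed for illustration, and the parser handles only flat rules with one brace per line (no attribute or type-set expansion).

```python
import re

# Constructed sample: the first denial from the post, joined onto one line.
AVC = ("audit(1114248344.419:0): avc: denied { search } for pid=3329 "
       "exe=/usr/sbin/smbd name=home dev=dm-0 ino=196609 "
       "scontext=root:system_r:smbd_t tcontext=system_u:object_r:home_root_t "
       "tclass=dir")

# Constructed policy.conf fragment; example_bool is a hypothetical boolean.
POLICY = """
allow smbd_t etc_t:dir { read getattr search };
if (example_bool) {
allow smbd_t home_root_t:dir { read getattr lock search ioctl };
}
"""

def parse_avc(line):
    """Return (source_type, target_type, tclass, perms) from an avc denial."""
    perms = re.search(r"denied\s+\{([^}]*)\}", line).group(1).split()
    kv = dict(re.findall(r"(\w+)=(\S+)", line))
    # Context format is user:role:type[:level]; the type is the third field.
    stype = kv["scontext"].split(":")[2]
    ttype = kv["tcontext"].split(":")[2]
    return stype, ttype, kv["tclass"], set(perms)

RULE = re.compile(r"allow\s+(\S+)\s+(\S+?):(\S+)\s+(?:\{([^}]*)\}|(\S+?))\s*;")

def matching_rules(policy, stype, ttype, tclass, perms):
    """Return [(rule_text, condition or None)] for rules covering the denial."""
    out, cond = [], []
    for raw in policy.splitlines():
        line = raw.strip()
        m = re.match(r"if\s*\((.*)\)\s*\{", line)
        if m:                                   # entering a conditional block
            cond.append(m.group(1).strip())
        elif line.startswith("} else {") and cond:
            cond[-1] = "!(" + cond[-1] + ")"    # else branch: negated condition
        elif line == "}" and cond:
            cond.pop()
        else:
            r = RULE.match(line)
            if r and (r.group(1), r.group(2), r.group(3)) == (stype, ttype, tclass):
                granted = set((r.group(4) or r.group(5)).split())
                if perms <= granted:
                    out.append((line, " && ".join(cond) or None))
    return out

if __name__ == "__main__":
    for rule, condition in matching_rules(POLICY, *parse_avc(AVC)):
        print(rule, "| condition:", condition or "unconditional")
```

A rule reported with a condition is only in effect while that expression evaluates true in the loaded policy, which getsebool shows for each boolean.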