Disabling Selinux ?
Erwin J. Prinz
ejprinz at austin.rr.com
Sun Jul 3 22:42:44 UTC 2005
Marcel:
>>Switching off SELinux wont affect your data if you dont care about
>>security. However I would recommend running "setenforce 0" or looking
>>into /var/log/messages to check whether SELinux is the reason behind
>>your problems before turning it off. Posting to fedora-selinux with the
>>details would give developers a chance to tackle and fix the problems.
>>If you are doing this temporarily then setting it to permissive in
>>/etc/selinux/config is recommended over disabling it. See the FC3
>>SELinux FAQ for details
>>
>>
>
>There are no problems reported via /var/log/messages.
>So this indicates something else is broken.
>
>
No. If you have the service "auditd" running (switched on by default I
believe), then the SElinux error messages end up in the file
"/var/log/audit/audit.log", not in "/var/log/messages". There is
something broken in SElinux with respect to samba. I can start smbd and
nmbd daemons, but I can't print via samba, and I can't access user
directories either from windows98, or via "smbclient". There are error
messages in audit.log such as:
type=AVC msg=audit(1120010995.261:14912381): avc: denied { write }
for pid=14117 comm="smbd" name=[22081] dev=pipefs ino=22081
scontext=root:system_r:smbd_t tcontext=system_u:system_r:unconfined_t
tclass=fifo_file
which I think mean that SElinux interferes with samba. Until this is
fixed, I have set
SELINUX=permissive
in /etc/selinux/config
which allows samba to work as it used to in Fedora Core 3.
Best regards, Erwin
More information about the fedora-list
mailing list