SAMBA home directories and SELinux
Stephen Walton
stephen.walton at csun.edu
Wed Oct 5 16:06:33 UTC 2005
Daniel J Walsh wrote:
> Install selinux-policy-targeted-sources
>
> cd /etc/selinux/targeted/src/policy
> make enableaudit; make load
>
> Try the smbclient command
>
> Grab the AVC messages
OK, I did this and it was pretty clear from the result that the problem
was the labeling of /home. In fact, the problem was the lack of
labeling. Because /home was still around from an original FC1 install
on this system, it did not get labeled appropriately on install of FC4,
and therefore smbclient didn't work with SELinux enabled. A quick
# touch /.autorelabel
and a reboot fixed the problem. FYI, the appropriate labels seem to be
system_u:object_r:home_root_t for /home, user_u:object_r:user_home_dir_t
for user directories in /home, and user_u:object_r:user_home_t for
users' other files and directories.
Thanks to everyone for their help and patience with this problem.
More information about the fedora-list
mailing list