Selinux does not allow samba

Arthur Pemberton pemboa at gmail.com
Thu Jan 31 19:05:58 UTC 2008 

On Jan 31, 2008 12:02 PM, Henning Larsen <hennlar at start.no> wrote:
>
>
> On Thu, 2008-01-31 at 11:32 -0600, Arthur Pemberton wrote:
> > On Jan 31, 2008 11:22 AM, Henning Larsen <hennlar at start.no> wrote:
> > > Hello
> > > On Thu, 2008-01-31 at 11:14 -0600, Arthur Pemberton wrote:
> > > > On Jan 31, 2008 4:08 AM, Henning Larsen <hennlar at start.no> wrote:
> > > > > Hello
> > > > >
> > > > > I get an alert from selinux, telling me to do:
> > > > >
> > > > > 'setsebool -P samba_export_all_ro=1'
> > > > >
> > > > > I did, but still cannot connect to the share from a other pc's.
> > > > > Do I have to reboot?
> > > > >
> > > > > ps. all booleans for samba is selected in selinux administration.
> > > > >
> > > > > Henning Larsen
> > > >
> > > >
> > > > Are you still getting alerts?
> > > >
> > > After doing that setsebool -P samba....  I still get alerts, but I found
> > > one solution via google, like this:
> > >
> > > # grep fusefs_t /var/log/audit/audit.log | audit2allow -M mysamba
> > > # semodule -i mysamba.pp
> > >
> > > This removes the alert, but I think it not is the proper way.
> > > Maybe it is a bug?.
> > > If so, how do I remove the modification I have made, when the bug is
> > > fixed?
> > >
> > > Thanks for helping.
> >
> >
> > Its definitely not the proper way for a program as popular as Samba. I
> > have it running on a machine with SELinux myself so I know it works.
> >
> > Do you have setroubleshoot installed? It helps troubleshoot these
> > issues, often suggesting exactly what to do. and describing what
> > happened as much as possible.
> >
> > If you still have the full description of the issue, paste it here. If
> > we can't understand it, try the selinux mailing list.
>
> I do not have the full report, since it is gone, because what I did to
> get rid of the alert.
> I have setroubleshoot installed an it told me to do:
>
> 'setsebool -P samba_export_all_ro=1'
>
> I did, but it kept telling me to do the same thing.
> The share is ntfs on usb. I should try to share an ordinary filesystem,
> but the alert has gone after doing:
>
> # grep fusefs_t /var/log/audit/audit.log | audit2allow -M mysamba
> # semodule -i mysamba.pp
>
> I do not know how to reverse this.
>
> btw, I can live with it since the alert has gone and I use enforcing
> mode.
>
> Thanks

No prob.


-- 
Fedora 7 : sipping some of that moonshine
( www.pembo13.com )

More information about the fedora-list mailing list