[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

avc: denied { search } for smbd



Hello,

I have just installed FC4t2 on a new system with SELinux enabled. SAMBA complains with the following avc when trying to mount a shared resource named XEN whose path is /home/user:

audit(1114248344.419:0): avc: denied { search } for pid=3329 exe=/usr/sbin/smbd name=home dev=dm-0 ino=196609 scontext=root:system_r:smbd_t tcontext=system_u:object_r:home_root_t tclass=dir
audit(1114248344.425:0): avc: denied { search } for pid=3329 exe=/usr/sbin/smbd name=home dev=dm-0 ino=196609 scontext=root:system_r:smbd_t tcontext=system_u:object_r:home_root_t tclass=dir


# tail /etc/samba/smb.conf
[XEN]
    comment = Data placeholder
    path = /home/user
    public = yes
    browseable = yes
    writable = yes

# ls -ldZ /home
drwxr-xr-x  root     root     system_u:object_r:home_root_t    /home

# grep smbd_t /etc/selinux/targeted/src/policy/policy.conf | head -1
allow smbd_t home_root_t:dir { read getattr lock search ioctl };

So I don't understand what's going on: the policy explicitly allows domain smbd_t to perform search on home_root_t:dir and /home is already labeled home_root_t.

Any ideas?


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]