avc: denied { search } for smbd

Felipe Alfaro Solana lkml at mac.com
Sat Apr 23 09:32:03 UTC 2005


Hello,

I have just installed FC4t2 on a new system with SELinux enabled. SAMBA 
complains with the following avc when trying to mount a shared resource 
named XEN whose path is /home/user:

audit(1114248344.419:0): avc:  denied  { search } for  pid=3329 
exe=/usr/sbin/smbd name=home dev=dm-0 ino=196609 
scontext=root:system_r:smbd_t tcontext=system_u:object_r:home_root_t 
tclass=dir
audit(1114248344.425:0): avc:  denied  { search } for  pid=3329 
exe=/usr/sbin/smbd name=home dev=dm-0 ino=196609 
scontext=root:system_r:smbd_t tcontext=system_u:object_r:home_root_t 
tclass=dir

# tail /etc/samba/smb.conf
[XEN]
     comment = Data placeholder
     path = /home/user
     public = yes
     browseable = yes
     writable = yes

# ls -ldZ /home
drwxr-xr-x  root     root     system_u:object_r:home_root_t    /home

# grep smbd_t /etc/selinux/targeted/src/policy/policy.conf | head -1
allow smbd_t home_root_t:dir { read getattr lock search ioctl };

So I don't understand what's going on: the policy explicitly allows 
domain smbd_t to perform search on home_root_t:dir and /home is already 
labeled home_root_t.

Any ideas?
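
Added example, not part of the original message: a small Python check that mechanizes the comparison made above, parsing the avc denials and the allow line printed by grep and reporting whether the rule text covers each denied access. The inputs are the post's own lines, with each audit record rejoined onto one line; the function names are made up for this example.

```python
import re

# Sample input: the two denials from the post, each audit record rejoined
# onto a single line (the mail client had wrapped them).
AUDIT_LOG = """\
audit(1114248344.419:0): avc:  denied  { search } for  pid=3329 exe=/usr/sbin/smbd name=home dev=dm-0 ino=196609 scontext=root:system_r:smbd_t tcontext=system_u:object_r:home_root_t tclass=dir
audit(1114248344.425:0): avc:  denied  { search } for  pid=3329 exe=/usr/sbin/smbd name=home dev=dm-0 ino=196609 scontext=root:system_r:smbd_t tcontext=system_u:object_r:home_root_t tclass=dir
"""

# The rule line that the grep in the post printed from policy.conf.
POLICY = "allow smbd_t home_root_t:dir { read getattr lock search ioctl };\n"

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
ALLOW_RE = re.compile(
    r"^\s*allow\s+(\S+)\s+(\S+):(\S+)\s+(?:\{([^}]*)\}|(\S+))\s*;")

def parse_denials(log):
    """Return the unique (source_type, target_type, class, perm) tuples."""
    denials = set()
    for line in log.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
        # A context is user:role:type; the type is the third field.
        stype = fields["scontext"].split(":")[2]
        ttype = fields["tcontext"].split(":")[2]
        for perm in m.group(1).split():
            denials.add((stype, ttype, fields["tclass"], perm))
    return denials

def parse_allows(policy):
    """Map (source_type, target_type, class) to the set of allowed perms."""
    rules = {}
    for line in policy.splitlines():
        m = ALLOW_RE.match(line)
        if m:
            src, tgt, cls, braced, single = m.groups()
            rules.setdefault((src, tgt, cls), set()).update((braced or single).split())
    return rules

def check(log, policy):
    """For each unique denial, report whether the given rule text allows it."""
    rules = parse_allows(policy)
    return {d: d[3] in rules.get(d[:3], set()) for d in parse_denials(log)}

if __name__ == "__main__":
    for denial, covered in check(AUDIT_LOG, POLICY).items():
        print(denial, "covered by rule text" if covered else "no matching rule")
```

It handles only plain allow lines that name single types, and it compares against the policy source text it is given.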



