samba share avcs

Steve G linux_4ever at
Fri Dec 23 16:33:58 UTC 2005


This is a long standing problem that causes me to do "setenforce 0". I wished
there was a boolean to just turn of checking of samba or a streamlined way for
samba to relabel things on startup. In any event, I have a share, /src, which I
want to access across the network. It fails. This is what I see in the logs:

type=PATH msg=audit(12/23/2005 10:37:26.180:20524) : item=0
name=gtk+-2.8.9/gdk-pixbuf/pixops/pixops.c inode=1934832 dev=03:07 mode=dir,755
ouid=sgrubb ogid=sgrubb rdev=00:00 obj=user_u:object_r:user_home_t:s0
type=CWD msg=audit(12/23/2005 10:37:26.180:20524) :  cwd=/src
type=SYSCALL msg=audit(12/23/2005 10:37:26.180:20524) : arch=x86_64 syscall=stat
success=no exit=-13(Permission denied) a0=7fffffe1c720 a1=7fffffe1b120
a2=7fffffe1b120 a3=7fffffe1aaec items=1 pid=23380 auid=root uid=nobody gid=root
euid=nobody suid=root fsuid=nobody egid=nobody sgid=nobody fsgid=nobody comm=smbd
exe=/usr/sbin/smbd subj=root:system_r:smbd_t:s0
type=AVC msg=audit(12/23/2005 10:37:26.180:20524) : avc:  denied  { search } for 
pid=23380 comm=smbd name=gtk+-2.8.9 dev=hda7 ino=1934832
scontext=root:system_r:smbd_t:s0 tcontext=user_u:object_r:user_home_t:s0

What is the correct solution for this?


Yahoo! for Good - Make a difference this year.

More information about the fedora-selinux-list mailing list