Selinux breaks samba with no AVC's...
Tom Lisjac
netdxr at gmail.com
Tue Sep 27 20:44:35 UTC 2005

I'm trying to make Samba shares available on a new FC4 server I've
just built that's running selinux-policy-targeted-1.27.1-2.1. I
relabelled after the update the other day, ran permissive until
everything worked, added the following to local.te and recompiled the
policy sources:

allow smbd_t home_root_t:dir { getattr search };
allow smbd_t httpd_sys_content_t:dir { getattr read remove_name search write };
allow smbd_t httpd_sys_content_t:file { getattr lock read unlink };
allow smbd_t samba_net_tmp_t:file { getattr read write };
allow smbd_t user_home_dir_t:dir { getattr read };
allow smbd_t user_home_t:dir getattr;
allow smbd_t user_home_t:file getattr;

When I switched to enforcing, I couldn't connect... and there were no
new AVCs. Switching back to permissive worked.

I've never seen this behavior before. In the past when enforcing,
there has always been an AVC to explain a denial of service. This time
there wasn't. Turning off SELinux fixes the problem so there must be a
relationship.

Disabling SELinux seems to be my only alternative... but I'd rather
not. Any suggestions would be appreciated.

-Tom