Samba log files have wrong context?

Bob Kashani bobk at ocf.berkeley.edu
Mon Jun 4 00:08:26 UTC 2007


SELinux keeps complaining that the file contexts for log files
in /var/log/samba are wrong. All of the files are labeled samba_log_t
but it seems to want samba_share_t. Is this correct?

This is what the SELinux troubleshooter reports:

Summary
    SELinux is preventing samba (/usr/sbin/smbd) "append" to log.chaucer
    (samba_log_t).

Detailed Description
    SELinux denied samba access to log.chaucer. If you want to share this
    directory with samba it has to have a file context label of samba_share_t.
    If you did not intend to use log.chaucer as a samba repository it could
    indicate either a bug or it could signal a intrusion attempt.

Allowing Access
    You can alter the file context by executing chcon -R -t samba_share_t
    log.chaucer

    The following command will allow this access:
    chcon -R -t samba_share_t log.chaucer

Additional Information        

Source Context                system_u:system_r:smbd_t
Target Context                system_u:object_r:samba_log_t
Target Objects                log.chaucer [ file ]
Affected RPM Packages         samba-3.0.25-2.fc7 [application]
Policy RPM                    selinux-policy-2.6.4-8.fc7
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.samba_share
Host Name                     chaucer
Platform                      Linux chaucer 2.6.21-1.3194.fc7 #1 SMP Wed May 23
                              22:35:01 EDT 2007 i686 athlon
Alert Count                   3
First Seen                    Sun 03 Jun 2007 04:50:41 PM PDT
Last Seen                     Sun 03 Jun 2007 04:50:41 PM PDT
Local ID                      ef44bd9c-87aa-4898-9c3d-bb0a3def2ade
Line Numbers                  

Raw Audit Messages            

avc: denied { append } for comm="smbd" dev=sda2 egid=0 euid=0
exe="/usr/sbin/smbd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="log.chaucer"
pid=2945 scontext=system_u:system_r:smbd_t:s0 sgid=0
subj=system_u:system_r:smbd_t:s0 suid=0 tclass=file
tcontext=system_u:object_r:samba_log_t:s0 tty=(none) uid=0




