setsebool ok & smb denied

Laurent Jacquot jk at
Thu Apr 10 18:11:35 UTC 2008

On my up-to-date F8, SMB is denied read access to the user_iceauth_home_t
context even though I have:

[root at jack ~]# getsebool -a |grep samba
samba_domain_controller --> off
samba_enable_home_dirs --> on
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_run_unconfined --> on
samba_share_nfs --> off
use_samba_home_dirs --> on

Should I bugzilla it? And also: dontaudit, allow or deny?


SELinux is preventing the samba daemon from reading users' home

Description détaillée:

SELinux has denied the samba daemon access to users' home directories.
is attempting to access your home directories via your samba daemon. If
you only
setup samba to share non-home directories, this probably signals a
attempt. For more information on SELinux integration with samba, look at
samba_selinux man page. (man samba_selinux)

Autoriser l'accès:

Si vous souhaitez que samba partage des répertoires personnels vous
activer le booléen samba_enable_home_dirs : "setsebool -P

La commande suivante autorisera cet accès :

setsebool -P samba_enable_home_dirs=1

Informations complémentaires:

Contexte source               system_u:system_r:smbd_t:s0
Contexte cible                system_u:object_r:user_iceauth_home_t:s0
Objets du contexte            /home/alex/.ICEauthority [ file ]
Source                        smbd
Source Path                   /usr/sbin/smbd
Port                          <Inconnu>
Source RPM Packages           samba-3.0.28a-0.fc8
Target RPM Packages           
Politique RPM                 selinux-policy-3.0.8-95.fc8
Selinux activé               True
Type de politique             targeted
MLS activé                   True
Mode strict                   Enforcing
Nom du plugin                 samba_enable_home_dirs
Nom de l'hôte      
Plateforme                    Linux #1
                              Mar 29 09:54:46 EDT 2008 i686 i686
Compteur d'alertes            28
First Seen                    ven 04 avr 2008 23:16:29 CEST
Last Seen                     mer 09 avr 2008 16:34:17 CEST
Local ID                      d2ee22f9-866b-4305-94c8-a029aee20c19
Numéros des lignes           

Messages d'audit bruts

type=AVC msg=audit(1207751657.63:1353): avc:  denied
{ getattr } for  pid=32716 comm="smbd" path="/home/alex/.ICEauthority"
dev=dm-11 ino=850503 scontext=system_u:system_r:smbd_t:s0
tcontext=system_u:object_r:user_iceauth_home_t:s0 tclass=file

type=SYSCALL msg=audit(1207751657.63:1353):
arch=40000003 syscall=195 success=no exit=-13 a0=bfc33194 a1=bfc32914
a2=4c5ff4 a3=bfc32914 items=0 ppid=3346 pid=32716 auid=4294967295
uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=500 sgid=0 fsgid=500
tty=(none) comm="smbd" exe="/usr/sbin/smbd"
subj=system_u:system_r:smbd_t:s0 key=(null)
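
For reading the raw audit message above, here is an added example (not part of the original post) that parses an AVC record into source type, target type, object class and permission, then tallies repeated denials. The names `parse_avc` and `tally` are hypothetical; the record is the one from the post with the mail line wrapping undone.

```python
import re
from collections import Counter

# AVC record copied from the post above, with the mail line wrapping undone.
AVC_RECORD = (
    'type=AVC msg=audit(1207751657.63:1353): avc:  denied { getattr } for  '
    'pid=32716 comm="smbd" path="/home/alex/.ICEauthority" dev=dm-11 '
    'ino=850503 scontext=system_u:system_r:smbd_t:s0 '
    'tcontext=system_u:object_r:user_iceauth_home_t:s0 tclass=file'
)

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(record):
    """Return a dict describing one AVC record, or None if it is not one."""
    m = AVC_RE.search(record)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    out = {
        "result": m.group(1),
        "perms": m.group(2).split(),
        "tclass": fields.get("tclass"),
        "path": fields.get("path"),
        "comm": fields.get("comm"),
    }
    for side in ("scontext", "tcontext"):
        # Context is user:role:type:level; the level may contain more colons.
        parts = fields.get(side, "").split(":", 3)
        out[side + "_type"] = parts[2] if len(parts) >= 3 else None
    return out


def tally(records):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for avc in filter(None, map(parse_avc, records)):
        for perm in avc["perms"]:
            key = (avc["scontext_type"], avc["tcontext_type"], avc["tclass"], perm)
            counts[key] += 1
    return counts


if __name__ == "__main__":
    for key, n in tally([AVC_RECORD]).items():
        print(n, *key)
```
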

