Can't export samba share

max bianco maximilianbianco at gmail.com
Sun Jul 27 19:38:45 UTC 2008


On Sat, Jul 26, 2008 at 2:25 PM, Steve Blackwell <zephod at cfl.rr.com> wrote:
>> On Fri, Jul 25, 2008 at 7:27 PM, Steve Blackwell <zephod at cfl.rr.com>
>> wrote:
>>> I've been out of town for a few days but there were no new postings
>>> while I was away and I still don't have a solution for this.
>>>
>>
>> Might I suggest posting the AVCs so that everyone can see what is
>> going on.
>
> I'm going to give it one more day and after that I'm going to have to
> turn selinux off.
>
This seems a bit extreme. Have you tried looking at the tools
available to help you, audit2why and audit2allow?
I have used these in the past to help me resolve my issues. It would
help if you could say you had tried these, or if you could at least show
the output they provide you. I will help you as much as I can because
I am interested in learning more; getting others to help is usually
easier if they can see you are trying to resolve it yourself rather
than relying on them to just provide an easy answer, which incidentally
will teach you nothing.


> This is from audit.log:
>
> type=AVC msg=audit(1217030414.315:34): avc:  denied  { read } for
> pid=7099 comm="smbd" name="/" dev=sdb1 ino=5
> scontext=system_u:system_r:smbd_t:s0
> tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
>
This says that smbd is being denied the read permission for files of
the type fusefs. The _t is a convention that says "This is a type".

So you need a rule that allows smbd_t to read fusefs_t.
So try something like this:

ausearch -a 34 | audit2allow

What this will do is search the audit log for all the AVCs related to
this particular instance of smbd attempting its read access and feed
them to audit2allow. Audit2allow will generate some rule(s) based on
these AVCs. It doesn't mean you should blindly implement them, but if
you can show the output, it can help in the process of fixing the
denial; if nothing else, it will show the more experienced hands that
you have used the tools provided to at least try. You could substitute
audit2why in place of audit2allow and it will attempt to explain what
caused the denial. Can you post this to the list?

-Max


-- 
We start decomposing the day we are born
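
An added example, not part of the original message and not the audit2allow source: a minimal Python sketch of how the fields of the quoted AVC record map onto the kind of allow rule audit2allow derives, with an event filter comparable to `ausearch -a 34`. The function names and the second and third log records are constructed for illustration.

```python
import re
from collections import defaultdict

# First record: the denial quoted in the message, joined onto one line as
# audit.log stores it. The other two records are constructed sample input.
SAMPLE_LOG = "\n".join([
    'type=AVC msg=audit(1217030414.315:34): avc:  denied  { read } for '
    'pid=7099 comm="smbd" name="/" dev=sdb1 ino=5 scontext=system_u:system_r:smbd_t:s0 '
    'tcontext=system_u:object_r:fusefs_t:s0 tclass=dir',
    'type=AVC msg=audit(1217030414.320:35): avc:  denied  { getattr search } for '
    'pid=7099 comm="smbd" name="/" dev=sdb1 ino=5 scontext=system_u:system_r:smbd_t:s0 '
    'tcontext=system_u:object_r:fusefs_t:s0 tclass=dir',
    'type=SYSCALL msg=audit(1217030414.320:35): arch=40000003 syscall=195 success=no',
])

AVC_RE = re.compile(
    r'type=AVC msg=audit\([\d.]+:(?P<event>\d+)\): avc:\s+denied\s+'
    r'\{\s*(?P<perms>[^}]*?)\s*\} for .*?'
    r'scontext=(?P<scontext>\S+) tcontext=(?P<tcontext>\S+) tclass=(?P<tclass>\S+)'
)

def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other record.

    A context reads user:role:type[:level], so the type is the third field.
    """
    m = AVC_RE.search(line)
    if m is None:
        return None
    return {
        "event": int(m["event"]),
        "perms": m["perms"].split(),
        "source": m["scontext"].split(":")[2],
        "target": m["tcontext"].split(":")[2],
        "tclass": m["tclass"],
    }

def candidate_rules(log, event=None):
    """Merge denials into allow-rule text; `event` restricts to one event id."""
    wanted = defaultdict(set)
    for avc in filter(None, map(parse_avc, log.splitlines())):
        if event is None or avc["event"] == event:
            wanted[avc["source"], avc["target"], avc["tclass"]].update(avc["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(wanted.items()):
        p = sorted(perms)
        perm_str = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_str};")
    return rules

print("\n".join(candidate_rules(SAMPLE_LOG, event=34)))
```

The generated text is something to read and post for review, as the message suggests, not a rule to load as-is.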



