F8 samba AVCs
Paul Howarth
paul at city-fan.org
Tue Mar 4 13:35:17 UTC 2008
I seem to have started getting some strange samba AVCs recently.
time->Tue Mar 4 09:19:23 2008
type=SYSCALL msg=audit(1204622363.345:5098): arch=c000003e syscall=4
success=no exit=-13 a0=7fff884950d0 a1=7fff88494800 a2=7fff88494800
a3=7fff88494cd0 items=0 ppid=6593 pid=1987 auid=500 uid=500 gid=0
euid=500 suid=0 fsuid=500 egid=500 sgid=0 fsgid=500 tty=(none)
comm="smbd" exe="/usr/sbin/smbd" subj=unconfined_u:system_r:smbd_t:s0
key=(null)
type=AVC msg=audit(1204622363.345:5098): avc: denied { getattr } for
pid=1987 comm="smbd" path="/home/paul/.recently-used.xbel" dev=dm-16
ino=2442050 scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file
This is despite having samba_enable_home_dirs set:
# getsebool -a | grep samba
samba_domain_controller --> off
samba_enable_home_dirs --> on
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_run_unconfined --> on
samba_share_nfs --> off
use_samba_home_dirs --> off
# rpm -qa --last selinux\*
selinux-policy-devel-3.0.8-87.fc8 Fri 29 Feb 2008 11:23:47
AM GMT
selinux-policy-targeted-3.0.8-87.fc8 Fri 29 Feb 2008 11:23:32
AM GMT
selinux-policy-3.0.8-87.fc8 Fri 29 Feb 2008 11:23:28
AM GMT
BTW, what does samba_run_unconfined do?
What's the difference between user_home_t and unconfined_home_t? This
box is a fresh install of F8 but with /home preserved from F7.
Paul.
More information about the fedora-selinux-list
mailing list