samba and system users home

Paul Howarth paul at city-fan.org
Thu Aug 13 20:50:26 UTC 2009


On Thu, 13 Aug 2009 13:03:41 -0700 (PDT)
Vadym Chepkov <chepkov at yahoo.com> wrote:

> Hi,
> 
> Each time anybody tries to access a samba share I get denials like
> this:
> 
> type=AVC msg=audit(1250191256.756:26956): avc:  denied  { getattr }
> for  pid=20508 comm="smbd" path="/var/www" dev=dm-5 ino=2
> scontext=system_u:system_r:smbd_t:s0
> tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
> 
> type=AVC msg=audit(1250191256.756:26955): avc:  denied  { getattr }
> for  pid=20508 comm="smbd" path="/var/mysql" dev=dm-4 ino=2
> scontext=system_u:system_r:smbd_t:s0
> tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir
> 
> I am not sure why samba is trying to access these directories, it's no
> one's home, just a mount point. dovecot generates the same AVCs, but
> only when it starts. What is the best way to suppress these? Thanks.

I've been getting these for years too! Well, I've had these in local
policy for several releases:

# Samba needs to be able to access stuff under /srv
allow smbd_t var_t:dir getattr;

# F11 noise reduction
dontaudit smbd_t lost_found_t:dir { getattr read };
dontaudit smbd_t squid_cache_t:dir getattr;
dontaudit smbd_t mysqld_db_t:dir getattr;

Paul.



