Re: fedora-list Digest, Vol 10, Issue 384

I have just applied the latest updates to a Fedora Core 3 box using up2date -uf.
This server runs Samba and is configured to integrate with an Active Directory domain.
Soon after the upgrade, users started complaining that they were no longer able to gain access to shared resources.


I have checked /var/log/messages and I have found these errors:
Dec 24 18:07:27 sbifs01 kernel: audit(1103908047.911:0): avc: denied { append } for pid=3285 exe=/usr/sbin/winbindd name=winbindd.log dev=md0 ino=38153 scontext=root:system_r:winbind_t tcontext=user_u:object_r:var_log_t tclass=file
Dec 24 18:07:27 sbifs01 kernel: audit(1103908047.913:0): avc: denied { append } for pid=3285 exe=/usr/sbin/winbindd name=winbindd.log dev=md0 ino=38153 scontext=root:system_r:winbind_t tcontext=user_u:object_r:var_log_t tclass=file
Dec 24 18:07:27 sbifs01 kernel: audit(1103908047.913:0): avc: denied { append } for pid=3285 exe=/usr/sbin/winbindd name=winbindd.log dev=md0 ino=38153 scontext=root:system_r:winbind_t tcontext=user_u:object_r:var_log_t tclass=file
Dec 24 18:07:27 sbifs01 kernel: audit(1103908047.914:0): avc: denied { append } for pid=3285 exe=/usr/sbin/winbindd name=winbindd.log dev=md0 ino=38153 scontext=root:system_r:winbind_t tcontext=user_u:object_r:var_log_t tclass=file
Dec 24 18:07:27 sbifs01 last message repeated 2 times
Dec 24 18:07:27 sbifs01 kernel: audit(1103908047.915:0): avc: denied { append } for pid=3285 exe=/usr/sbin/winbindd name=winbindd.log dev=md0 ino=38153 scontext=root:system_r:winbind_t tcontext=user_u:object_r:var_log_t tclass=file
Dec 24 18:07:27 sbifs01 kernel: audit(1103908047.916:0): avc: denied { append } for pid=3285 exe=/usr/sbin/winbindd name=winbindd.log dev=md0 ino=38153 scontext=root:system_r:winbind_t tcontext=user_u:object_r:var_log_t tclass=file
Dec 24 18:07:27 sbifs01 kernel: audit(1103908047.917:0): avc: denied { append } for pid=3285 exe=/usr/sbin/winbindd name=winbindd.log dev=md0 ino=38153 scontext=root:system_r:winbind_t tcontext=user_u:object_r:var_log_t tclass=file
Dec 24 18:07:28 sbifs01 kernel: audit(1103908048.054:0): avc: denied { append } for pid=3285 exe=/usr/sbin/winbindd name=winbindd.log dev=md0 ino=38153 scontext=root:system_r:winbind_t tcontext=user_u:object_r:var_log_t tclass=file
Dec 24 18:07:28 sbifs01 kernel: audit(1103908048.055:0): avc: denied { append } for pid=3285 exe=/usr/sbin/winbindd name=winbindd.log dev=md0 ino=38153 scontext=root:system_r:winbind_t tcontext=user_u:object_r:var_log_t tclass=file
Dec 24 18:07:28 sbifs01 kernel: audit(1103908048.056:0): avc: denied { append } for pid=3285 exe=/usr/sbin/winbindd name=winbindd.log dev=md0 ino=38153 scontext=root:system_r:winbind_t tcontext=user_u:object_r:var_log_t tclass=file


I realized that this problem should be related to the latest SELinux policies. I have checked which one is installed and I have found selinux-policy-targeted-1.17.30-2.58.
Not knowing enough about SELinux policies, how they are released, how they are designed and how to edit them, AND having services to provide to users, I have temporarily disabled SELinux by setting "permissive" in /etc/selinux/config.


Now I would like to get somebody else's opinion about this problem: is it a mistake by whoever designed the policies? Or is it quite normal, and the server administrator must appropriately edit the policies?

Any suggestion will be greatly appreciated

Thanks
Gianni Bragante
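
As an added example (not part of the original post), this Python sketch rejoins hard-wrapped syslog records and groups the AVC denials, so the repeated lines collapse into the one denied access: winbind_t appending to a var_log_t file. The sample input is constructed from the log format quoted above, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the syslog AVC format quoted in the post: one record
# wrapped mid-token as in the archive, one intact, a syslog repeat marker,
# and an unrelated line (the sshd line is invented for the example).
SAMPLE = """\
Dec 24 18:07:27 sbifs01 kernel: audit(1103908047.911:0): avc: denied { append } for pid=3285 exe=/usr/sbin/winbindd name=winbindd.log dev=md0 ino=38153 sco
ntext=root:system_r:winbind_t tcontext=user_u:object_r:var_log_t tclass=file
Dec 24 18:07:27 sbifs01 kernel: audit(1103908047.913:0): avc: denied { append } for pid=3285 exe=/usr/sbin/winbindd name=winbindd.log dev=md0 ino=38153 scontext=root:system_r:winbind_t tcontext=user_u:object_r:var_log_t tclass=file
Dec 24 18:07:27 sbifs01 last message repeated 2 times
Dec 24 18:07:28 sbifs01 sshd[411]: session opened for user root
"""
STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
AVC = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
REPEAT = re.compile(r"last message repeated (\d+) times")

def unwrap(text):
    # A line without a syslog timestamp continues the previous record.
    out = []
    for line in filter(None, text.splitlines()):
        if out and not STAMP.match(line):
            out[-1] += line
        else:
            out.append(line)
    return out

def parse_avc(line):
    # Return (source type, target type, class, perms, name), or None.
    m = AVC.search(line)
    f = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv) if m else {}
    if not {"scontext", "tcontext", "tclass"} <= f.keys():
        return None
    # Assumption: contexts are user:role:type with no MLS field, as in the post.
    stype, ttype = (f[k].split(":")[-1] for k in ("scontext", "tcontext"))
    return (stype, ttype, f["tclass"], " ".join(sorted(m.group(1).split())), f.get("name", "?"))

def summarize(text):
    # Count denials per access; "last message repeated N times" adds N to
    # the record on the line immediately before it.
    counts, last = Counter(), None
    for line in unwrap(text):
        key = parse_avc(line)
        rep = REPEAT.search(line)
        if key:
            counts[key] += 1
        elif rep and last:
            counts[last] += int(rep.group(1))
        last = key
    return counts
```

Calling `summarize()` on the full /var/log/messages text returns a Counter keyed by source type, target type, object class, permissions and file name.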

