Re: Selinux does not allow samba

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2008-01-31 at 11:32 -0600, Arthur Pemberton wrote:
> On Jan 31, 2008 11:22 AM, Henning Larsen <hennlar@xxxxxxxx> wrote:
> > Hello
> > On Thu, 2008-01-31 at 11:14 -0600, Arthur Pemberton wrote:
> > > On Jan 31, 2008 4:08 AM, Henning Larsen <hennlar@xxxxxxxx> wrote:
> > > > Hello
> > > >
> > > > I get an alert from selinux, telling me to do:
> > > >
> > > > 'setsebool -P samba_export_all_ro=1'
> > > >
> > > > I did, but still cannot connect to the share from a other pc's.
> > > > Do I have to reboot?
> > > >
> > > > ps. all booleans for samba is selected in selinux administration.
> > > >
> > > > Henning Larsen
> > >
> > >
> > > Are you still getting alerts?
> > >
> > After doing that setsebool -P samba....  I still get alerts, but I found
> > one solution via google, like this:
> >
> > # grep fusefs_t /var/log/audit/audit.log | audit2allow -M mysamba
> > # semodule -i mysamba.pp
> >
> > This removes the alert, but I think it not is the proper way.
> > Maybe it is a bug?.
> > If so, how do I remove the modification I have made, when the bug is
> > fixed?
> >
> > Thanks for helping.
> 
> 
> Its definitely not the proper way for a program as popular as Samba. I
> have it running on a machine with SELinux myself so I know it works.
> 
> Do you have setroubleshoot installed? It helps troubleshoot these
> issues, often suggesting exactly what to do. and describing what
> happened as much as possible.
> 
> If you still have the full description of the issue, paste it here. If
> we can't understand it, try the selinux mailing list.

I do not have the full report, since it is gone, because what I did to
get rid of the alert.
I have setroubleshoot installed an it told me to do:

'setsebool -P samba_export_all_ro=1'

I did, but it kept telling me to do the same thing.
The share is ntfs on usb. I should try to share an ordinary filesystem,
but the alert has gone after doing:

# grep fusefs_t /var/log/audit/audit.log | audit2allow -M mysamba
# semodule -i mysamba.pp

I do not know how to reverse this.

btw, I can live with it since the alert has gone and I use enforcing
mode.

Thanks
Henning Larsen


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux