On Thu, 2008-01-31 at 11:32 -0600, Arthur Pemberton wrote: > On Jan 31, 2008 11:22 AM, Henning Larsen <hennlar@xxxxxxxx> wrote: > > Hello > > On Thu, 2008-01-31 at 11:14 -0600, Arthur Pemberton wrote: > > > On Jan 31, 2008 4:08 AM, Henning Larsen <hennlar@xxxxxxxx> wrote: > > > > Hello > > > > > > > > I get an alert from selinux, telling me to do: > > > > > > > > 'setsebool -P samba_export_all_ro=1' > > > > > > > > I did, but still cannot connect to the share from a other pc's. > > > > Do I have to reboot? > > > > > > > > ps. all booleans for samba is selected in selinux administration. > > > > > > > > Henning Larsen > > > > > > > > > Are you still getting alerts? > > > > > After doing that setsebool -P samba.... I still get alerts, but I found > > one solution via google, like this: > > > > # grep fusefs_t /var/log/audit/audit.log | audit2allow -M mysamba > > # semodule -i mysamba.pp > > > > This removes the alert, but I think it not is the proper way. > > Maybe it is a bug?. > > If so, how do I remove the modification I have made, when the bug is > > fixed? > > > > Thanks for helping. > > > Its definitely not the proper way for a program as popular as Samba. I > have it running on a machine with SELinux myself so I know it works. > > Do you have setroubleshoot installed? It helps troubleshoot these > issues, often suggesting exactly what to do. and describing what > happened as much as possible. > > If you still have the full description of the issue, paste it here. If > we can't understand it, try the selinux mailing list. I do not have the full report, since it is gone, because what I did to get rid of the alert. I have setroubleshoot installed an it told me to do: 'setsebool -P samba_export_all_ro=1' I did, but it kept telling me to do the same thing. The share is ntfs on usb. I should try to share an ordinary filesystem, but the alert has gone after doing: # grep fusefs_t /var/log/audit/audit.log | audit2allow -M mysamba # semodule -i mysamba.pp I do not know how to reverse this. btw, I can live with it since the alert has gone and I use enforcing mode. Thanks Henning Larsen
