-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Henning Larsen wrote: > On Thu, 2008-01-31 at 11:32 -0600, Arthur Pemberton wrote: >> On Jan 31, 2008 11:22 AM, Henning Larsen <hennlar@xxxxxxxx> wrote: >>> Hello >>> On Thu, 2008-01-31 at 11:14 -0600, Arthur Pemberton wrote: >>>> On Jan 31, 2008 4:08 AM, Henning Larsen <hennlar@xxxxxxxx> wrote: >>>>> Hello >>>>> >>>>> I get an alert from selinux, telling me to do: >>>>> >>>>> 'setsebool -P samba_export_all_ro=1' >>>>> >>>>> I did, but still cannot connect to the share from a other pc's. >>>>> Do I have to reboot? >>>>> >>>>> ps. all booleans for samba is selected in selinux administration. >>>>> >>>>> Henning Larsen >>>> >>>> Are you still getting alerts? >>>> >>> After doing that setsebool -P samba.... I still get alerts, but I found >>> one solution via google, like this: >>> >>> # grep fusefs_t /var/log/audit/audit.log | audit2allow -M mysamba >>> # semodule -i mysamba.pp >>> >>> This removes the alert, but I think it not is the proper way. >>> Maybe it is a bug?. >>> If so, how do I remove the modification I have made, when the bug is >>> fixed? >>> >>> Thanks for helping. >> >> Its definitely not the proper way for a program as popular as Samba. I >> have it running on a machine with SELinux myself so I know it works. >> >> Do you have setroubleshoot installed? It helps troubleshoot these >> issues, often suggesting exactly what to do. and describing what >> happened as much as possible. >> >> If you still have the full description of the issue, paste it here. If >> we can't understand it, try the selinux mailing list. > > I do not have the full report, since it is gone, because what I did to > get rid of the alert. > I have setroubleshoot installed an it told me to do: > > 'setsebool -P samba_export_all_ro=1' > > I did, but it kept telling me to do the same thing. > The share is ntfs on usb. I should try to share an ordinary filesystem, > but the alert has gone after doing: > > # grep fusefs_t /var/log/audit/audit.log | audit2allow -M mysamba > # semodule -i mysamba.pp > > I do not know how to reverse this. > > btw, I can live with it since the alert has gone and I use enforcing > mode. > > Thanks > Henning Larsen > Please attach the avc messages that you generated policy for. Looks like you are using samba to share an NFS partition off of a unix box? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkeiIWgACgkQrlYvE4MpobO7bQCeOm5I+H9+jp1w3NUDyKVk1fhD HjAAn0Yqg+SVMjMze6UCDWnTbxnKNMH5 =g26K -----END PGP SIGNATURE-----