Re: Selinux does not allow samba

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Henning Larsen wrote:
> On Thu, 2008-01-31 at 11:32 -0600, Arthur Pemberton wrote:
>> On Jan 31, 2008 11:22 AM, Henning Larsen <hennlar@xxxxxxxx> wrote:
>>> Hello
>>> On Thu, 2008-01-31 at 11:14 -0600, Arthur Pemberton wrote:
>>>> On Jan 31, 2008 4:08 AM, Henning Larsen <hennlar@xxxxxxxx> wrote:
>>>>> Hello
>>>>>
>>>>> I get an alert from selinux, telling me to do:
>>>>>
>>>>> 'setsebool -P samba_export_all_ro=1'
>>>>>
>>>>> I did, but still cannot connect to the share from a other pc's.
>>>>> Do I have to reboot?
>>>>>
>>>>> ps. all booleans for samba is selected in selinux administration.
>>>>>
>>>>> Henning Larsen
>>>>
>>>> Are you still getting alerts?
>>>>
>>> After doing that setsebool -P samba....  I still get alerts, but I found
>>> one solution via google, like this:
>>>
>>> # grep fusefs_t /var/log/audit/audit.log | audit2allow -M mysamba
>>> # semodule -i mysamba.pp
>>>
>>> This removes the alert, but I think it not is the proper way.
>>> Maybe it is a bug?.
>>> If so, how do I remove the modification I have made, when the bug is
>>> fixed?
>>>
>>> Thanks for helping.
>>
>> Its definitely not the proper way for a program as popular as Samba. I
>> have it running on a machine with SELinux myself so I know it works.
>>
>> Do you have setroubleshoot installed? It helps troubleshoot these
>> issues, often suggesting exactly what to do. and describing what
>> happened as much as possible.
>>
>> If you still have the full description of the issue, paste it here. If
>> we can't understand it, try the selinux mailing list.
> 
> I do not have the full report, since it is gone, because what I did to
> get rid of the alert.
> I have setroubleshoot installed an it told me to do:
> 
> 'setsebool -P samba_export_all_ro=1'
> 
> I did, but it kept telling me to do the same thing.
> The share is ntfs on usb. I should try to share an ordinary filesystem,
> but the alert has gone after doing:
> 
> # grep fusefs_t /var/log/audit/audit.log | audit2allow -M mysamba
> # semodule -i mysamba.pp
> 
> I do not know how to reverse this.
> 
> btw, I can live with it since the alert has gone and I use enforcing
> mode.
> 
> Thanks
> Henning Larsen
> 
Please attach the avc messages that you generated policy for.  Looks
like you are using samba to share an NFS partition off of a unix box?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkeiIWgACgkQrlYvE4MpobO7bQCeOm5I+H9+jp1w3NUDyKVk1fhD
HjAAn0Yqg+SVMjMze6UCDWnTbxnKNMH5
=g26K
-----END PGP SIGNATURE-----


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux