04-10-2008, 06:11 PM
Laurent Jacquot

setsebool ok & smb denied

Hello,
on my F8 up2date, SMB is denied read access to user_iceauth_home_t
context even if I have:


[root@jack ~]# getsebool -a |grep samba
samba_domain_controller --> off
samba_enable_home_dirs --> on
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_run_unconfined --> on
samba_share_nfs --> off
use_samba_home_dirs --> on

Should I bugzilla it? and also dontaudit, allow or deny?


Résumé:

SELinux is preventing the samba daemon from reading users' home
directories.

Description détaillée:

SELinux has denied the samba daemon access to users' home directories. Someone
is attempting to access your home directories via your samba daemon. If you only
setup samba to share non-home directories, this probably signals a intrusion
attempt. For more information on SELinux integration with samba, look at the
samba_selinux man page. (man samba_selinux)

Autoriser l'accès:

Si vous souhaitez que samba partage des répertoires personnels vous devez
activer le booléen samba_enable_home_dirs : "setsebool -P samba_enable_home_dirs=1"

La commande suivante autorisera cet accès :

setsebool -P samba_enable_home_dirs=1

Informations complémentaires:

Contexte source system_u:system_r:smbd_t:s0
Contexte cible system_u:object_r:user_iceauth_home_t:s0
Objets du contexte /home/alex/.ICEauthority [ file ]
Source smbd
Source Path /usr/sbin/smbd
Port <Inconnu>
Host jack.lutty.net
Source RPM Packages samba-3.0.28a-0.fc8
Target RPM Packages
Politique RPM selinux-policy-3.0.8-95.fc8
Selinux activé True
Type de politique targeted
MLS activé True
Mode strict Enforcing
Nom du plugin samba_enable_home_dirs
Nom de l'hôte jack.lutty.net
Plateforme Linux jack.lutty.net 2.6.24.4-64.fc8 #1
SMP Sat
Mar 29 09:54:46 EDT 2008 i686 i686
Compteur d'alertes 28
First Seen ven 04 avr 2008 23:16:29 CEST
Last Seen mer 09 avr 2008 16:34:17 CEST
Local ID d2ee22f9-866b-4305-94c8-a029aee20c19
Numéros des lignes

Messages d'audit bruts

host=jack.lutty.net type=AVC msg=audit(1207751657.63:1353): avc: denied
{ getattr } for pid=32716 comm="smbd" path="/home/alex/.ICEauthority"
dev=dm-11 ino=850503 scontext=system_u:system_r:smbd_t:s0
tcontext=system_u:object_r:user_iceauth_home_t:s0 tclass=file

host=jack.lutty.net type=SYSCALL msg=audit(1207751657.63:1353):
arch=40000003 syscall=195 success=no exit=-13 a0=bfc33194 a1=bfc32914
a2=4c5ff4 a3=bfc32914 items=0 ppid=3346 pid=32716 auid=4294967295
uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=500 sgid=0 fsgid=500
tty=(none) comm="smbd" exe="/usr/sbin/smbd"
subj=system_u:system_r:smbd_t:s0 key=(null)

jk



--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
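
An added example, not part of the original post: a small parser that joins the AVC and SYSCALL records above by their shared audit event id and reduces the denial to the source type, target type, class and permission a bug report needs. The sample input is constructed from the two records in the post (re-joined onto single lines, SYSCALL abbreviated, target context written as system_u:object_r); the function names are hypothetical.

```python
import re

# Constructed sample: the post's two raw audit records re-joined onto single
# lines (SYSCALL abbreviated), target context written as system_u:object_r.
SAMPLE = (
    'host=jack.lutty.net type=AVC msg=audit(1207751657.63:1353): avc: denied '
    '{ getattr } for pid=32716 comm="smbd" path="/home/alex/.ICEauthority" '
    'dev=dm-11 ino=850503 scontext=system_u:system_r:smbd_t:s0 '
    'tcontext=system_u:object_r:user_iceauth_home_t:s0 tclass=file\n'
    'host=jack.lutty.net type=SYSCALL msg=audit(1207751657.63:1353): '
    'syscall=195 success=no exit=-13 pid=32716 uid=500 euid=500 '
    'comm="smbd" exe="/usr/sbin/smbd" subj=system_u:system_r:smbd_t:s0\n'
)

EVENT_RE = re.compile(r'type=(\w+) msg=audit\(([\d.]+:\d+)\):')
PERMS_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def se_type(context):
    """Type field of a user:role:type[:level] SELinux context."""
    return context.split(':')[2]

def summarize(log_text):
    """Join AVC and SYSCALL records by audit event id; one dict per denied event."""
    events = {}
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue  # not an audit record
        rtype, event_id = m.groups()
        fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
        if rtype == 'AVC':
            perms = PERMS_RE.search(line)
            fields['perms'] = perms.group(1).split() if perms else []
        events.setdefault(event_id, {})[rtype] = fields
    denials = []
    for event_id, recs in events.items():
        if 'AVC' not in recs:
            continue
        avc, sc = recs['AVC'], recs.get('SYSCALL', {})
        denials.append({
            'event': event_id, 'path': avc.get('path'),
            'source_type': se_type(avc['scontext']),
            'target_type': se_type(avc['tcontext']),
            'tclass': avc['tclass'], 'perms': avc['perms'],
            'euid': sc.get('euid'), 'exe': sc.get('exe'),
        })
    return denials

if __name__ == '__main__':
    print(summarize(SAMPLE))
```

For the records in the post this yields a single denial: smbd_t requesting getattr on a file labelled user_iceauth_home_t, made by /usr/sbin/smbd with effective uid 500.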
 
04-10-2008, 08:01 PM
Daniel J Walsh

setsebool ok & smb denied

Laurent Jacquot wrote:
> Hello,
> on my F8 up2date, SMB is denied read access to user_iceauth_home_t
> context even if I have:
>
>
> [root@jack ~]# getsebool -a |grep samba
> samba_domain_controller --> off
> samba_enable_home_dirs --> on
> samba_export_all_ro --> off
> samba_export_all_rw --> off
> samba_run_unconfined --> on
> samba_share_nfs --> off
> use_samba_home_dirs --> on
>
> Should I bugzilla it? and also dontaudit, allow or deny?
>
>
> Résumé:
>
> SELinux is preventing the samba daemon from reading users' home
> directories.
>
> Description détaillée:
>
> SELinux has denied the samba daemon access to users' home directories. Someone
> is attempting to access your home directories via your samba daemon. If you only
> setup samba to share non-home directories, this probably signals a intrusion
> attempt. For more information on SELinux integration with samba, look at the
> samba_selinux man page. (man samba_selinux)
>
> Autoriser l'accès:
>
> Si vous souhaitez que samba partage des répertoires personnels vous devez
> activer le booléen samba_enable_home_dirs : "setsebool -P samba_enable_home_dirs=1"
>
> La commande suivante autorisera cet accès :
>
> setsebool -P samba_enable_home_dirs=1
>
> Informations complémentaires:
>
> Contexte source system_u:system_r:smbd_t:s0
> Contexte cible system_u:object_r:user_iceauth_home_t:s0
> Objets du contexte /home/alex/.ICEauthority [ file ]
> Source smbd
> Source Path /usr/sbin/smbd
> Port <Inconnu>
> Host jack.lutty.net
> Source RPM Packages samba-3.0.28a-0.fc8
> Target RPM Packages
> Politique RPM selinux-policy-3.0.8-95.fc8
> Selinux activé True
> Type de politique targeted
> MLS activé True
> Mode strict Enforcing
> Nom du plugin samba_enable_home_dirs
> Nom de l'hôte jack.lutty.net
> Plateforme Linux jack.lutty.net 2.6.24.4-64.fc8 #1
> SMP Sat
> Mar 29 09:54:46 EDT 2008 i686 i686
> Compteur d'alertes 28
> First Seen ven 04 avr 2008 23:16:29 CEST
> Last Seen mer 09 avr 2008 16:34:17 CEST
> Local ID d2ee22f9-866b-4305-94c8-a029aee20c19
> Numéros des lignes
>
> Messages d'audit bruts
>
> host=jack.lutty.net type=AVC msg=audit(1207751657.63:1353): avc: denied
> { getattr } for pid=32716 comm="smbd" path="/home/alex/.ICEauthority"
> dev=dm-11 ino=850503 scontext=system_u:system_r:smbd_t:s0
> tcontext=system_u:object_r:user_iceauth_home_t:s0 tclass=file
>
> host=jack.lutty.net type=SYSCALL msg=audit(1207751657.63:1353):
> arch=40000003 syscall=195 success=no exit=-13 a0=bfc33194 a1=bfc32914
> a2=4c5ff4 a3=bfc32914 items=0 ppid=3346 pid=32716 auid=4294967295
> uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=500 sgid=0 fsgid=500
> tty=(none) comm="smbd" exe="/usr/sbin/smbd"
> subj=system_u:system_r:smbd_t:s0 key=(null)
>
> jk
>
>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
bugzilla.