Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora SELinux Support (http://www.linux-archive.org/fedora-selinux-support/)
-   -   How to clear Samba through SELinux (http://www.linux-archive.org/fedora-selinux-support/710198-how-clear-samba-through-selinux.html)

Temlakos 10-07-2012 11:39 AM

How to clear Samba through SELinux
 
Everyone:

I go through this exercise with every update. I have two machines on my
network. One runs Windows; the other runs Fedora (now up to 17).


Right now, the Fedora box can "see" everything in the Windows box that
belongs to the default Windows user.


But: the Windows box can see that a share is available but may not visit
the share.


I cleared Samba through the firewall; otherwise I'd have no connection
at all.


Now: what Booleans or modules do I need to set or reset to clear Samba
through SELinux? I don't seem to have any configuration tool (not
graphical, anyway) to let me see where the problem is. The Windows box
doesn't say much, except "Windows cannot access this share; you need to
talk to the system admin in charge of the other system." Well, I /am/
the system admin. I'd like to clear each machine for full read-write
access to the other. But right now, I have to do all my sharing through
the Fedora machine.


(As to why I would even want a Windows machine around: I keep it around
for programs like TV tuning and DVD authoring that /just work out of the
box/. I also use that Windows box as a print server. That works.)


So in essence, my Fedora box is a good client but a bad server. I think
maybe SELinux is the one remaining obstacle. I need to know how to clear it.


Temlakos
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

yersinia 10-07-2012 01:25 PM

How to clear Samba through SELinux
 
Difficult to answer without any info. Do you see any avc samba related
? And the samba log what tell you , do you see any acceso denied ?

2012/10/7, Temlakos <temlakos@gmail.com>:
> Everyone:
>
> I go through this exercise with every update. I have two machines on my
> network. One runs Windows; the other runs Fedora (now up to 17).
>
> Right now, the Fedora box can "see" everything in the Windows box that
> belongs to the default Windows user.
>
> But: the Windows box can see that a share is available but may not visit
> the share.
>
> I cleared Samba through the firewall; otherwise I'd have no connection
> at all.
>
> Now: what Booleans or modules do I need to set or reset to clear Samba
> through SELinux? I don't seem to have any configuration tool (not
> graphical, anyway) to let me see where the problem is. The Windows box
> doesn't say much, except "Windows cannot access this share; you need to
> talk to the system admin in charge of the other system." Well, I /am/
> the system admin. I'd like to clear each machine for full read-write
> access to the other. But right now, I have to do all my sharing through
> the Fedora machine.
>
> (As to why I would even want a Windows machine around: I keep it around
> for programs like TV tuning and DVD authoring that /just work out of the
> box/. I also use that Windows box as a print server. That works.)
>
> So in essence, my Fedora box is a good client but a bad server. I think
> maybe SELinux is the one remaining obstacle. I need to know how to clear it.
>
> Temlakos
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux

--
Inviato dal mio dispositivo mobile
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

Frank Murphy 10-07-2012 02:08 PM

How to clear Samba through SELinux
 
On 07/10/12 12:39, Temlakos wrote:
I don't seem to have any configuration tool (not

graphical, anyway)


in a console type:
yum install policycoreutils-gui

You will then in Administraton
have an ison for Selinux Management
if you clikc booleans, and scroll down.
You will see a number of them for Samba.

(Xfce, don't know about other Desktops)

--
Regards,
Frank
"Jack of all, fubars"
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

yersinia 10-07-2012 05:15 PM

How to clear Samba through SELinux
 
If you have a recent selinux distro, i can be more precise if
necessary , you can put samba in permissive mode, if you think your
problem is selinux.

Hth

2012/10/7, Temlakos <temlakos@gmail.com>:
> Everyone:
>
> I go through this exercise with every update. I have two machines on my
> network. One runs Windows; the other runs Fedora (now up to 17).
>
> Right now, the Fedora box can "see" everything in the Windows box that
> belongs to the default Windows user.
>
> But: the Windows box can see that a share is available but may not visit
> the share.
>
> I cleared Samba through the firewall; otherwise I'd have no connection
> at all.
>
> Now: what Booleans or modules do I need to set or reset to clear Samba
> through SELinux? I don't seem to have any configuration tool (not
> graphical, anyway) to let me see where the problem is. The Windows box
> doesn't say much, except "Windows cannot access this share; you need to
> talk to the system admin in charge of the other system." Well, I /am/
> the system admin. I'd like to clear each machine for full read-write
> access to the other. But right now, I have to do all my sharing through
> the Fedora machine.
>
> (As to why I would even want a Windows machine around: I keep it around
> for programs like TV tuning and DVD authoring that /just work out of the
> box/. I also use that Windows box as a print server. That works.)
>
> So in essence, my Fedora box is a good client but a bad server. I think
> maybe SELinux is the one remaining obstacle. I need to know how to clear it.
>
> Temlakos
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux

--
Inviato dal mio dispositivo mobile
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

Tristan Santore 10-07-2012 05:27 PM

How to clear Samba through SELinux
 
On 07/10/12 12:39, Temlakos wrote:
> Everyone:
>
> I go through this exercise with every update. I have two machines on my
> network. One runs Windows; the other runs Fedora (now up to 17).
>
> Right now, the Fedora box can "see" everything in the Windows box that
> belongs to the default Windows user.
>
> But: the Windows box can see that a share is available but may not visit
> the share.
>
> I cleared Samba through the firewall; otherwise I'd have no connection
> at all.
>
> Now: what Booleans or modules do I need to set or reset to clear Samba
> through SELinux? I don't seem to have any configuration tool (not
> graphical, anyway) to let me see where the problem is. The Windows box
> doesn't say much, except "Windows cannot access this share; you need to
> talk to the system admin in charge of the other system." Well, I /am/
> the system admin. I'd like to clear each machine for full read-write
> access to the other. But right now, I have to do all my sharing through
> the Fedora machine.
>
> (As to why I would even want a Windows machine around: I keep it around
> for programs like TV tuning and DVD authoring that /just work out of the
> box/. I also use that Windows box as a print server. That works.)
>
> So in essence, my Fedora box is a good client but a bad server. I think
> maybe SELinux is the one remaining obstacle. I need to know how to clear
> it.
>
> Temlakos
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
getsebool -a|grep samba

setsebool name_of_bool on/off

To make changes permanent, after you worked out which one you need/want:

setsebool -P name_of_bool on/off

Regards,
Tristan

--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore@internexusconnect.net

Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)

For Fedora related issues, please email me at:
TSantore@fedoraproject.org
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

Dominick Grift 10-07-2012 05:55 PM

How to clear Samba through SELinux
 
On Sun, 2012-10-07 at 18:27 +0100, Tristan Santore wrote:

> > So in essence, my Fedora box is a good client but a bad server. I think
> > maybe SELinux is the one remaining obstacle. I need to know how to clear
> > it.
> >
> > Temlakos

To determine if selinux is blocking you can toggle detection only mode
by running the following command:

setenforce 0

No reboot required or anything, it goes into effect immediately
Then do your tests

You can see the current status of selinux with:

getenforce

if it returns "Permissive" then your selinux is in detection only mode
if it returns "Enforcing" then your selinux is in full prevention mode

If your tests succeeds when selinux is in permissive mode but not when
selinux is in enforcing mode then it is likely selinux blocking access.

If your tests fail in both permissive as well as enforcing mode then you
can rule out any selinux issues and look for issues elsewhere

After your tests be sure to go back to enforcing mode:

setenforce 1


--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

Temlakos 10-07-2012 06:29 PM

How to clear Samba through SELinux
 
On 10/07/2012 10:08 AM, Frank Murphy wrote:

On 07/10/12 12:39, Temlakos wrote:
I don't seem to have any configuration tool (not

graphical, anyway)


in a console type:
yum install policycoreutils-gui

You will then in Administraton
have an ison for Selinux Management
if you clikc booleans, and scroll down.
You will see a number of them for Samba.

(Xfce, don't know about other Desktops)



Everyone:

Thank you all for your suggestions.

First, I did a quick Google search on the terms "samba" and "SELinux"
together. I found two Booleans to set to 1. When I did, my Fedora
machine became a proper server.


But Frank's suggestion to install the policycoreutils GUI front-end was
a good one. In KDE, that does put an "SELinux Management" application in
the Administration menu. (I use either the Yum Extender or Apper for all
my software management.


I'm going to keep the other suggestions on file. I hope I can remember
to switch those Booleans in the next upgrade. Which I anticipate doing
after Christmas. By then, F18 will be out for a month, and maybe that
will be time for RPMfusion and Livna to catch up with it, and for other
package maintainers to iron out the kinks.


Temlakos
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

Daniel J Walsh 10-08-2012 02:48 PM

How to clear Samba through SELinux
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/07/2012 07:39 AM, Temlakos wrote:
> Everyone:
>
> I go through this exercise with every update. I have two machines on my
> network. One runs Windows; the other runs Fedora (now up to 17).
>
> Right now, the Fedora box can "see" everything in the Windows box that
> belongs to the default Windows user.
>
> But: the Windows box can see that a share is available but may not visit
> the share.
>
> I cleared Samba through the firewall; otherwise I'd have no connection at
> all.
>
> Now: what Booleans or modules do I need to set or reset to clear Samba
> through SELinux? I don't seem to have any configuration tool (not
> graphical, anyway) to let me see where the problem is. The Windows box
> doesn't say much, except "Windows cannot access this share; you need to
> talk to the system admin in charge of the other system." Well, I /am/ the
> system admin. I'd like to clear each machine for full read-write access to
> the other. But right now, I have to do all my sharing through the Fedora
> machine.
>
> (As to why I would even want a Windows machine around: I keep it around
> for programs like TV tuning and DVD authoring that /just work out of the
> box/. I also use that Windows box as a print server. That works.)
>
> So in essence, my Fedora box is a good client but a bad server. I think
> maybe SELinux is the one remaining obstacle. I need to know how to clear
> it.
>
> Temlakos -- selinux mailing list selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
Try using the smbd_selinux man page

man smbd_selinux



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBy58YACgkQrlYvE4MpobNcGACaA1cnA0etAG BQd5TVfqDkC5BE
4pIAoIT2LjwhiQnqzVq8LbDfSE8Eq6dO
=EOvw
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux


All times are GMT. The time now is 09:48 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.