Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...
|
Selinux breaks samba with no AVC's...: msg#00145
|
Subject: |
Selinux breaks samba with no AVC's... |
I'm trying to make samba shares available on a new FC4 server I've
just built that's running selinux-policy-targeted-1.27.1-2.1. I
relabelled after the update the other day, ran permissive until
everything worked, added the following to local.te and recompiled the
policy sources:
allow smbd_t home_root_t:dir { getattr search };
allow smbd_t httpd_sys_content_t:dir { getattr read remove_name search write };
allow smbd_t httpd_sys_content_t:file { getattr lock read unlink };
allow smbd_t samba_net_tmp_t:file { getattr read write };
allow smbd_t user_home_dir_t:dir { getattr read };
allow smbd_t user_home_t:dir getattr;
allow smbd_t user_home_t:file getattr;
When I switched to enforcing, I couldn't connect... and there were no
new AVC's. Switching back to permissive worked.
I've never seen this behavior before. In the past when enforcing,
there has always been an AVC to explain a denial of service. This time
there wasn't. Turning off selinux fixes the problem so there must be a
relationship.
Disabling selinux seems to be my only alternative... but I'd rather
not. Any suggestions would be appreciated.
-Tom
|
| |
