Re: Selinux does not allow samba


On Thu, 2008-01-31 at 11:32 -0600, Arthur Pemberton wrote:
On Jan 31, 2008 11:22 AM, Henning Larsen <hennlar@xxxxxxxx> wrote:
Hello
On Thu, 2008-01-31 at 11:14 -0600, Arthur Pemberton wrote:
On Jan 31, 2008 4:08 AM, Henning Larsen <hennlar@xxxxxxxx> wrote:
Hello

I get an alert from selinux, telling me to do:

'setsebool -P samba_export_all_ro=1'

I did, but still cannot connect to the share from a other pc's.
Do I have to reboot?

ps. all booleans for samba is selected in selinux administration.

Henning Larsen


Are you still getting alerts?

After doing that setsebool -P samba.... I still get alerts, but I found
one solution via google, like this:

# grep fusefs_t /var/log/audit/audit.log | audit2allow -M mysamba
# semodule -i mysamba.pp

This removes the alert, but I think it not is the proper way.
Maybe it is a bug?.
If so, how do I remove the modification I have made, when the bug is
fixed?

Thanks for helping.


Its definitely not the proper way for a program as popular as Samba. I
have it running on a machine with SELinux myself so I know it works.

Do you have setroubleshoot installed? It helps troubleshoot these
issues, often suggesting exactly what to do. and describing what
happened as much as possible.

If you still have the full description of the issue, paste it here. If
we can't understand it, try the selinux mailing list.

I do not have the full report, since it is gone, because what I did to
get rid of the alert.
I have setroubleshoot installed an it told me to do:

'setsebool -P samba_export_all_ro=1'

I did, but it kept telling me to do the same thing.
The share is ntfs on usb. I should try to share an ordinary filesystem,
but the alert has gone after doing:

# grep fusefs_t /var/log/audit/audit.log | audit2allow -M mysamba
# semodule -i mysamba.pp

I do not know how to reverse this.

btw, I can live with it since the alert has gone and I use enforcing
mode.

Thanks
Henning Larsen

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

Relevant Pages

  • Re: Does IE8 support this properly on events now ?
    ... this keyword is not proper (or ... implemented by all browsers. ... This isn't true for attribute on body in Firefox, due to a bug. ... alert "true", ...
    (comp.lang.javascript)
  • Re: Does IE8 support this properly on events now ?
    ... this keyword is not proper (or ... This isn't true for attribute on body in Firefox, due to a bug. ... alert "true", ... attachEvent as it is (though I think the chance of that happening is ...
    (comp.lang.javascript)
  • Re: Selinux does not allow samba
    ... ps. all booleans for samba is selected in selinux administration. ... This removes the alert, but I think it not is the proper way. ... Its definitely not the proper way for a program as popular as Samba. ... Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org ...
    (Fedora)
  • Re: Selinux does not allow samba
    ... ps. all booleans for samba is selected in selinux administration. ... This removes the alert, but I think it not is the proper way. ... Maybe it is a bug?. ...
    (Fedora)
  • Re: Selinux does not allow samba
    ... ps. all booleans for samba is selected in selinux administration. ... This removes the alert, but I think it not is the proper way. ... Maybe it is a bug?. ... Its definitely not the proper way for a program as popular as Samba. ...
    (Fedora)