Looks like you have multiple SELinux issues to track down and
resolve. Hard telling whether they all trace back to a single cause though...

To have a better idea of how the errors trace to operations, open two
shells on a console. In one, "tail -f /var/log/audit/audit.log" --
this will give you a live display of the logged warnings &
errors. In the other, try some operations -- restart your smb
service, and try the operations that are giving you problems. Watch
the other console to see the AVC errors as they happen.

You can use "tail -f ..." and pipe the output to a /tmp file to
capture snippets relevant to specific actions/operations. These can
then be processed through "audit2allow" to find the specific
modifications that you'll need to add to your local.te file and then
reload your SELinux policy.
-D
At 08:32 PM 2/24/2006, Louis E Garcia II wrote:
On FC4 it's under /var/log/audit/audit.log. This is the only place I
found AVC errors.
# audit2allow -i /var/log/audit/audit.log
allow auditd_t self:fifo_file write;
allow cupsd_config_t proc_net_t:dir search;
allow cupsd_config_t unconfined_t:fifo_file { getattr ioctl write };
allow hald_t unconfined_t:fifo_file read;
allow httpd_t crond_t:fifo_file read;
allow nmbd_t unconfined_t:fifo_file write;
allow rpcd_t unconfined_t:fifo_file read;
allow smbd_t default_t:dir search;
allow smbd_t file_t:dir { getattr search };
allow smbd_t mnt_t:lnk_file read;
allow smbd_t root_t:dir write;
allow smbd_t unconfined_t:fifo_file write;
allow system_dbusd_t unconfined_t:fifo_file read;
I think I'm only worried about smb_t? There are 5 lines there, do I put
them all in /etc/selinux/targeted/src/policy/domains/misc/local.te?
or I only need some? I see nothing about /data/public access.
-Louis
On Fri, 2006-02-24 at 16:54 -0600, Don Meyer wrote:
> [Caveat: My systems are mostly RHEL4 based, I don't have a FC4
> system handy to verify paths & package names. But they should be
> somewhat close...]
>
> First, you need to identify what the problem is: If you cannot find
> the AVC errors reported in your syslog, and decipher them to know how
> to fix them manually, the easiest method is to run the following
> utility command:
>
> audit2allow -i /var/log/messages
>
Don Meyer <[EMAIL PROTECTED]>
Network Manager, ACES Academic Computing Facility
Technical System Manager, ACES TeleNet System
UIUC College of ACES, Information Technology and Communication Services
"They that can give up essential liberty to obtain a little
temporary safety,
deserve neither liberty or safety." -- Benjamin Franklin, 1759
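
An added example, not part of the original thread and not audit2allow's own code: it groups AVC denials from a capture file into allow-rule form, optionally for a single source domain such as smbd_t, so the rules tied to one service can be reviewed separately before anything goes into local.te. The log lines are constructed samples in the audit.log AVC format, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the audit.log AVC format (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1140832000.101:11): avc:  denied  { search } for  pid=2101 comm="smbd" name="data" dev=sda1 ino=2 scontext=root:system_r:smbd_t tcontext=system_u:object_r:default_t tclass=dir
type=AVC msg=audit(1140832000.102:12): avc:  denied  { getattr } for  pid=2101 comm="smbd" name="public" dev=sda1 ino=14 scontext=root:system_r:smbd_t tcontext=system_u:object_r:file_t tclass=dir
type=AVC msg=audit(1140832000.103:13): avc:  denied  { search } for  pid=2101 comm="smbd" name="public" dev=sda1 ino=14 scontext=root:system_r:smbd_t tcontext=system_u:object_r:file_t tclass=dir
type=AVC msg=audit(1140832001.200:14): avc:  denied  { read } for  pid=1804 comm="hald" name="pipe" dev=pipefs ino=5120 scontext=system_u:system_r:hald_t tcontext=root:system_r:unconfined_t tclass=fifo_file
type=SYSCALL msg=audit(1140832001.200:14): arch=40000003 syscall=3 success=no exit=-13
"""

# Permissions, source context, target context and object class of a denial.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{([^}]*)\}.*?\bscontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)"
)


def selinux_type(context):
    """Return the type field of a user:role:type[:mls] security context."""
    return context.split(":")[2]


def allow_rules(log_text, domain=None):
    """Merge denials into allow rules; keep only `domain` as source if given."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        match = AVC_RE.search(line)
        if not match:
            continue  # not an AVC denial (e.g. a SYSCALL record)
        perms, scontext, tcontext, tclass = match.groups()
        source = selinux_type(scontext)
        if domain and source != domain:
            continue
        merged[(source, selinux_type(tcontext), tclass)].update(perms.split())
    rules = []
    for (source, target, tclass), perms in sorted(merged.items()):
        names = sorted(perms)
        text = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {source} {target}:{tclass} {text};")
    return rules


if __name__ == "__main__":
    for rule in allow_rules(SAMPLE_LOG, domain="smbd_t"):
        print(rule)
```

Targets of type file_t are files that carry no SELinux label, so a rule naming file_t is a cue to check the labeling of the affected directory before granting the access.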