audit2allow gave you the code to allow "search" capability on
directories labeled "default_t". You are instead giving samba full
access to the parent directory of your share(s) by re-labeling it.
It's your call whether granting smbd the limited "search" capability
to all directories labeled "default_t" is more or less secure than
granting smbd full access to a single parent directory.
At 01:06 AM 2/26/2006, Louis E Garcia II wrote:
Yes I just realized that. I solved it another way.
When I had this samba couldn't see public. I got avc error saying smbd_t
needed access to default_t
drwxr-xr-x root root system_u:object_r:default_t /data
drwxrwsrwx root root system_u:object_r:samba_share_t /data/public
When I had this samba could see public and it worked.
drwxr-xr-x root root system_u:object_r:samba_share_t /data
drwxrwsrwx root root system_u:object_r:samba_share_t /data/public
I think this is a better solution then to have samba have access to any
new dir with default_t. What do you think?
-Louis
On Sat, 2006-02-25 at 23:43 -0600, Don Meyer wrote:
> Look at your AVC error (below) -- to paraphrase, avc denied search
> for smbd for the name "/". That is running into a problem accessing
> (traversing) the root directory. Hence the need to allow "search"
> on default_t.
>
Don Meyer <[EMAIL PROTECTED]>
Network Manager, ACES Academic Computing Facility
Technical System Manager, ACES TeleNet System
UIUC College of ACES, Information Technology and Communication Services
"They that can give up essential liberty to obtain a little
temporary safety,
deserve neither liberty or safety." -- Benjamin Franklin, 1759
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
