[Samba] samba and selinux help

Mario Remy Almeida Sun, 11 Jan 2009 09:08:46 -0800

Hi All,

Need help


I am bit confused dont know the bellow access should be given or not.
SElinux is enabled and is in Enforcing mode

I get the bellow error message in audit.log file
I have no problem in browsing the shared folders.
would like to know if there is any configuration mistake in my setup for
the bellow error message to appear.

type=AVC msg=audit(1231692866.771:2843): avc:  denied  { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692866.771:2843): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=632e3562726b2f35
items=0 ppid=1 pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692866.773:2844): avc:  denied  { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692866.773:2844): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=0 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692866.887:2845): avc:  denied  { read } for
pid=8535 comm="winbindd" name="tmp" dev=sda2 ino=2464802
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:usr_t:s0
tclass=lnk_file
type=SYSCALL msg=audit(1231692866.887:2845): arch=c000003e syscall=4
success=no exit=-13 a0=2b9f1381f157 a1=7fffa1373c80 a2=7fffa1373c80
a3=828e070fefd7f9e5 items=0 ppid=1 pid=8535 auid=0 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm="winbindd"
exe="/usr/sbin/winbindd" subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692867.000:2846): avc:  denied  { search } for
pid=8535 comm="winbindd" name="coolkey" dev=sda2 ino=2172295
scontext=root:system_r:winbind_t:s0
tcontext=system_u:object_r:auth_cache_t:s0 tclass=dir
type=SYSCALL msg=audit(1231692867.000:2846): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f1142f110 a1=4c2 a2=180 a3=0 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692867.066:2847): avc:  denied  { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692867.066:2847): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=632e3562726b2f35
items=0 ppid=1 pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692867.067:2848): avc:  denied  { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692867.067:2848): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=0 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.884:2849): avc:  denied  { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692869.884:2849): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=1 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.885:2850): avc:  denied  { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692869.885:2850): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=0 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.891:2851): avc:  denied  { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692869.891:2851): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=2 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.892:2852): avc:  denied  { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692869.892:2852): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=0 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.894:2853): avc:  denied  { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692869.894:2853): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=2 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.895:2854): avc:  denied  { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692869.895:2854): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=0 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.904:2855): avc:  denied  { read } for
pid=8535 comm="winbindd" name="tmp" dev=sda2 ino=2464802
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:usr_t:s0
tclass=lnk_file
type=SYSCALL msg=audit(1231692869.904:2855): arch=c000003e syscall=4
success=no exit=-13 a0=2b9f1381f157 a1=7fffa1373bc0 a2=7fffa1373bc0
a3=be5795d13ef2ad9f items=0 ppid=1 pid=8535 auid=0 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm="winbindd"
exe="/usr/sbin/winbindd" subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.908:2856): avc:  denied  { search } for
pid=8535 comm="winbindd" name="coolkey" dev=sda2 ino=2172295
scontext=root:system_r:winbind_t:s0
tcontext=system_u:object_r:auth_cache_t:s0 tclass=dir
type=SYSCALL msg=audit(1231692869.908:2856): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f1146cd90 a1=4c2 a2=180 a3=0 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.915:2857): avc:  denied  { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692869.915:2857): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=632e3562726b2f35
items=0 ppid=1 pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.916:2858): avc:  denied  { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692869.916:2858): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=0 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)


############ START OF smb.conf ####################
[global]
        workgroup = AIRARABIA
        realm = AIRARABIA.COM
        netbios name = AA-FTP
        server string = Samba File Server
        security = ADS
        password server = 10.200.2.22
        passdb backend = tdbsam
        username map = /etc/samba/smbusers
        log level = 3
        log file = /var/log/samba/%m.log
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        printcap name = /etc/printcap
        preferred master = No
        domain master = No
        ldap ssl = no
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind separator = +
        winbind use default domain = Yes
        vscan-clamav:config-file = /etc/samba/vscan-clamav.conf
        create mask = 0664
        force create mode = 0660
        force security mode = 0600
        directory mask = 0775
        force directory mode = 02770
        inherit permissions = Yes
        inherit acls = Yes
        inherit owner = Yes
        cups options = raw
        hide unreadable = Yes
        vfs objects = vscan-clamav

[Finance]
        comment = Finance
        path = /home/Finance
        read only = No

[I T]
        comment = IT
        path = /home/IT
        read only = No

[SITA]
        comment = SITA
        path = /home/SITA
        read only = No

[Q A]
        comment = Q A
        path = /home/QA
        read only = No

[Operations]
        comment = Operations
        path = /home/Operations
        read only = No

[HR]
        comment = HR
        path = /home/HR
        read only = No

[Marketing]
        comment = Marketing
        path = /home/Marketing
        read only = No

[Investor Relations]
        comment = Investor Relations
        path = /home/Investor_Relations
        read only = No

[Flight Safety]
        comment = Flight Safety
        path = /home/Flight_Safety
        read only = No

[Finance Audit]
        comment = Finance Audit
        path = /home/Finance_Audit
        read only = No

[Dept Heads]
        comment = Dept Heads
        path = /home/Dept_Heads
        read only = No

[Sales]
        comment = Sales
        path = /home/Sales
        read only = No

[Customer Care]
        comment = Customer Care
        path = /home/Customer_Care
        read only = No

[CEO]
        comment = CEO
        path = /home/CEO
        read only = No

[CC Risk Mgmt]
        comment = CC Risk Mgmt
        path = /home/CC_Risk_Mgmt
        read only = No

[Share]
        comment = Share
        path = /home/Share
        read only = No


############ END OF smb.conf ####################
//Remy

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba and selinux help

Reply via email to