It is actually in the smb.conf file, assuming that it doesn't get overwritten by swat. Here is an excerpt:
# Set labels only on directories you created! # To set a label use the following: chcon -t samba_share_t /path # # If you need to share a system created directory you can use one of the # following (read-only/read-write): # setsebool -P samba_export_all_ro on # or # setsebool -P samba_export_all_rw on # # If you want to run scripts (preexec/root prexec/print command/...) please # put them into the /var/lib/samba/scripts directory so that smbd will be # allowed to run them. # Make sure you COPY them and not MOVE them so that the right SELinux context # is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts # You can feel free to turn SELinux, but if you play around with it, it can be useful as an extra line of defense against intruders. - Rilindo On Oct 20, 2011, at 11:26 PM, Todd And Margo Chester wrote: > On Oct 20, 2011, at 10:30 PM, Todd And Margo Chester wrote: >>> Hi All, >>> >>> I have always found selinux a pain in the neck, and in >>> past have just removed it to get my stuff working. >>> >>> Question: what are the ramifications of just removing >>> selinux from SL 6.1? Is selinux worth the effort? >>> >>> Many thanks, >>> -T > > On 10/20/2011 07:50 PM, RILINDO FOSTER wrote: >> SELinux is just a couple of more of steps when configuring the system. Its a >> not a large deal once you figure out the basic command set. In fact, come >> of the steps configuring an app for SELinux is even outlined in the man >> pages and some of the application docs, (notably Samba). > > Not finding it in "man smb.conf". Am I blind? >> >> Worse case, you can use the audit file as well as the SELinux Troubleshooter >> utility to diagnose the issue. In most case, it is easy to resolve. >> >> - Rilindo > > What are the ramifications of just disabling selinux? Good idea? Bad Idea? > > -T
