[Samba] samba and selinux help

Mario Remy Almeida malmeida at isaaviation.ae
Sun Jan 11 17:07:02 GMT 2009 

Hi All,

Need help

I am bit confused dont know the bellow access should be given or not.
SElinux is enabled and is in Enforcing mode

I get the bellow error message in audit.log file
I have no problem in browsing the shared folders.
would like to know if there is any configuration mistake in my setup for
the bellow error message to appear.

type=AVC msg=audit(1231692866.771:2843): avc:  denied  { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692866.771:2843): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=632e3562726b2f35
items=0 ppid=1 pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692866.773:2844): avc:  denied  { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692866.773:2844): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=0 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692866.887:2845): avc:  denied  { read } for
pid=8535 comm="winbindd" name="tmp" dev=sda2 ino=2464802
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:usr_t:s0
tclass=lnk_file
type=SYSCALL msg=audit(1231692866.887:2845): arch=c000003e syscall=4
success=no exit=-13 a0=2b9f1381f157 a1=7fffa1373c80 a2=7fffa1373c80
a3=828e070fefd7f9e5 items=0 ppid=1 pid=8535 auid=0 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm="winbindd"
exe="/usr/sbin/winbindd" subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692867.000:2846): avc:  denied  { search } for
pid=8535 comm="winbindd" name="coolkey" dev=sda2 ino=2172295
scontext=root:system_r:winbind_t:s0
tcontext=system_u:object_r:auth_cache_t:s0 tclass=dir
type=SYSCALL msg=audit(1231692867.000:2846): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f1142f110 a1=4c2 a2=180 a3=0 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692867.066:2847): avc:  denied  { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692867.066:2847): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=632e3562726b2f35
items=0 ppid=1 pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692867.067:2848): avc:  denied  { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692867.067:2848): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=0 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.884:2849): avc:  denied  { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692869.884:2849): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=1 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.885:2850): avc:  denied  { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692869.885:2850): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=0 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.891:2851): avc:  denied  { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692869.891:2851): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=2 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.892:2852): avc:  denied  { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692869.892:2852): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=0 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.894:2853): avc:  denied  { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692869.894:2853): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=2 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.895:2854): avc:  denied  { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692869.895:2854): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=0 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.904:2855): avc:  denied  { read } for
pid=8535 comm="winbindd" name="tmp" dev=sda2 ino=2464802
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:usr_t:s0
tclass=lnk_file
type=SYSCALL msg=audit(1231692869.904:2855): arch=c000003e syscall=4
success=no exit=-13 a0=2b9f1381f157 a1=7fffa1373bc0 a2=7fffa1373bc0
a3=be5795d13ef2ad9f items=0 ppid=1 pid=8535 auid=0 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm="winbindd"
exe="/usr/sbin/winbindd" subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.908:2856): avc:  denied  { search } for
pid=8535 comm="winbindd" name="coolkey" dev=sda2 ino=2172295
scontext=root:system_r:winbind_t:s0
tcontext=system_u:object_r:auth_cache_t:s0 tclass=dir
type=SYSCALL msg=audit(1231692869.908:2856): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f1146cd90 a1=4c2 a2=180 a3=0 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.915:2857): avc:  denied  { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692869.915:2857): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=632e3562726b2f35
items=0 ppid=1 pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.916:2858): avc:  denied  { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692869.916:2858): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=0 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)


############ START OF smb.conf ####################
[global]
	workgroup = AIRARABIA
	realm = AIRARABIA.COM
	netbios name = AA-FTP
	server string = Samba File Server
	security = ADS
	password server = 10.200.2.22
	passdb backend = tdbsam
	username map = /etc/samba/smbusers
	log level = 3
	log file = /var/log/samba/%m.log
	max log size = 50
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	printcap name = /etc/printcap
	preferred master = No
	domain master = No
	ldap ssl = no
	idmap uid = 10000-20000
	idmap gid = 10000-20000
	winbind separator = +
	winbind use default domain = Yes
	vscan-clamav:config-file = /etc/samba/vscan-clamav.conf
	create mask = 0664
	force create mode = 0660
	force security mode = 0600
	directory mask = 0775
	force directory mode = 02770
	inherit permissions = Yes
	inherit acls = Yes
	inherit owner = Yes
	cups options = raw
	hide unreadable = Yes
	vfs objects = vscan-clamav

[Finance]
	comment = Finance
	path = /home/Finance
	read only = No

[I T]
	comment = IT
	path = /home/IT
	read only = No

[SITA]
	comment = SITA
	path = /home/SITA
	read only = No

[Q A]
	comment = Q A
	path = /home/QA
	read only = No

[Operations]
	comment = Operations
	path = /home/Operations
	read only = No

[HR]
	comment = HR
	path = /home/HR
	read only = No

[Marketing]
	comment = Marketing
	path = /home/Marketing
	read only = No

[Investor Relations]
	comment = Investor Relations
	path = /home/Investor_Relations
	read only = No

[Flight Safety]
	comment = Flight Safety
	path = /home/Flight_Safety
	read only = No

[Finance Audit]
	comment = Finance Audit
	path = /home/Finance_Audit
	read only = No

[Dept Heads]
	comment = Dept Heads
	path = /home/Dept_Heads
	read only = No

[Sales]
	comment = Sales
	path = /home/Sales
	read only = No

[Customer Care]
	comment = Customer Care
	path = /home/Customer_Care
	read only = No

[CEO]
	comment = CEO
	path = /home/CEO
	read only = No

[CC Risk Mgmt]
	comment = CC Risk Mgmt
	path = /home/CC_Risk_Mgmt
	read only = No

[Share]
	comment = Share
	path = /home/Share
	read only = No


############ END OF smb.conf ####################
//Remy

More information about the samba mailing list