[Samba] Public shares in FC4 (update)

Louis E Garcia II louisg00 at bellsouth.net
Sat Feb 25 02:32:51 GMT 2006


On FC4 it's under /var/log/audit/audit.log. This is the only place I
found AVC errors.

# audit2allow -i /var/log/audit/audit.log
allow auditd_t self:fifo_file write;
allow cupsd_config_t proc_net_t:dir search;
allow cupsd_config_t unconfined_t:fifo_file { getattr ioctl write };
allow hald_t unconfined_t:fifo_file read;
allow httpd_t crond_t:fifo_file read;
allow nmbd_t unconfined_t:fifo_file write;
allow rpcd_t unconfined_t:fifo_file read;
allow smbd_t default_t:dir search;
allow smbd_t file_t:dir { getattr search };
allow smbd_t mnt_t:lnk_file read;
allow smbd_t root_t:dir write;
allow smbd_t unconfined_t:fifo_file write;
allow system_dbusd_t unconfined_t:fifo_file read;

I think I'm only worried about smb_t? There are 5 lines there, do I put
them all in /etc/selinux/targeted/src/policy/domains/misc/local.te?

Or do I only need some? I see nothing about /data/public access.

-Louis

On Fri, 2006-02-24 at 16:54 -0600, Don Meyer wrote:
> [Caveat:  My systems are mostly RHEL4 based, I don't have a FC4 
> system handy to verify paths & package names.  But they should be 
> somewhat close...]
> 
> First, you need to identify what the problem is:  If you cannot find 
> the AVC errors reported in your syslog, and decipher them to know how 
> to fix them manually, the easiest method is to run the following 
> utility command:
> 
>          audit2allow -i /var/log/messages
> 
> This will run the audit2allow utility against the current syslog 
> file, which I'm assuming will contain the AVC errors generated by 
> your problem.   (If log rotation has occurred since the errors, 
> simply run the command against /var/log/messages.1 .)
> 
> The output from this command needs to be added to (create if 
> necessary) the file:
> 
>          /etc/selinux/targeted/src/policy/domains/misc/local.te
> 
> (If the "src" directory is missing under /etc/selinux/targeted/, you 
> may need to install the selinux-policy-targeted-source package.)
> 
> When you've finished editing local.te, cd to the "policy" level, and 
> execute this command:
> 
>          cd /etc/selinux/targeted/src/policy/
>          make load
> 
> 
> After this, you can try your system to see if the error is still being thrown.
> 
> Cheers,
> -D
> 
> 
> At 03:42 PM 2/24/2006, Louis E Garcia II wrote:
> >Ok, I narrowed down the problem to selinux. With it off I have no
> >problems. How do I label /data/public so samba can use it? I have tried:
> >
> ># chcon -R -t samba_share_t /data/public
> >
> >but it didn't help.
> >
> >
> >On Fri, 2006-02-24 at 12:32 -0500, Louis E Garcia II wrote:
> > > /dev/hda3    /data       ext3    defaults      1 2
> > >
> > > data is the partition.
> > >
> > > On Fri, 2006-02-24 at 09:18 +0100, Henrik Zagerholm wrote:
> > > > Have you mounted the other partition as data or is data just a dir
> > > > on the other partition?
> > > >
> > > > cheers,
> > > > henrik
> > > >
> > > > On 24 Feb 2006, at 02:30, Louis E Garcia II wrote:
> > > >
> > > > > I am able to share a directory under / like /samba and able to connect
> > > > > to it. The /data directory is not under / but a separate partition. I
> > > > > wouldn't think this is a problem?
> > > > >
> > > > > On Thu, 2006-02-23 at 18:20 -0500, Louis E Garcia II wrote:
> > > > >> I am trying to share a directory with samba-3.0.14a and FC4. readable
> > > > >> and writable to everyone.
> > > > >>
> > > > >> The directory is /data/public : 2777 root:root
> > > > >>
> > > > >> This is my smb.conf:
> > > > >>
> > > > >> [global]
> > > > >>         workgroup = HOMENETWORK
> > > > >>         server string = Samba Server
> > > > >>         security = SHARE
> > > > >>         hosts allow = 127.0.0.1, 192.168.0.0/24
> > > > >>         hosts deny = 192.168.0.1/24
> > > > >>
> > > > >> [public]
> > > > >>         comment = Public Stuff
> > > > >>         path = /data/public
> > > > >>         public = Yes
> > > > >>         read only = No
> > > > >>         browseable = Yes
> > > > >>         guest ok = Yes
> > > > >>         create mask = 2777
> > > > >>
> > > > >> I am able to browse the server but when I open the share public I
> > > > >> get an
> > > > >> error that the directory doesn't exist.
> > > > >>
> > > > >> I am stumped. --Louis
> > > > >>
> > > > >
> > > > > --
> > > > > To unsubscribe from this list go to the following URL and read the
> > > > > instructions:  https://lists.samba.org/mailman/listinfo/samba
> > > >
> > >
> >
> 
> Don Meyer                                           <dlmeyer at uiuc.edu>
> Network Manager, ACES Academic Computing Facility
> Technical System Manager, ACES TeleNet System
> UIUC College of ACES, Information Technology and Communication Services
> 
>    "They that can give up essential liberty to obtain a little temporary safety,
>          deserve neither liberty or safety."     -- Benjamin Franklin, 1759
> 
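
Added example, not part of the original thread: a shell sketch that takes the audit2allow output quoted at the top of this message, keeps only the rules for one source domain, and splits them by target type. It relies on the SELinux convention that `file_t` marks objects with no label and `default_t` marks objects matching no file-context pattern, so denials against those types usually call for relabelling the path rather than a new allow rule. The function names are hypothetical and the rule list is embedded as sample input.

```shell
#!/bin/sh
# Sample input: the audit2allow output from the message above, embedded
# so the script runs offline. On a live system this would come from
#   audit2allow -i /var/log/audit/audit.log
RULES='allow auditd_t self:fifo_file write;
allow cupsd_config_t proc_net_t:dir search;
allow cupsd_config_t unconfined_t:fifo_file { getattr ioctl write };
allow hald_t unconfined_t:fifo_file read;
allow httpd_t crond_t:fifo_file read;
allow nmbd_t unconfined_t:fifo_file write;
allow rpcd_t unconfined_t:fifo_file read;
allow smbd_t default_t:dir search;
allow smbd_t file_t:dir { getattr search };
allow smbd_t mnt_t:lnk_file read;
allow smbd_t root_t:dir write;
allow smbd_t unconfined_t:fifo_file write;
allow system_dbusd_t unconfined_t:fifo_file read;'

# rules_for_domain DOMAIN: only the allow rules whose source type is DOMAIN.
rules_for_domain() {
    printf '%s\n' "$RULES" | awk -v d="$1" '$1 == "allow" && $2 == d'
}

# label_problems DOMAIN: rules whose target type is file_t or default_t.
# These describe unlabelled or default-labelled objects; review the labels
# on the path before granting the domain access to them.
label_problems() {
    rules_for_domain "$1" |
        awk '{ split($3, t, ":"); if (t[1] == "file_t" || t[1] == "default_t") print }'
}

# policy_candidates DOMAIN: the remaining rules, to be reviewed one by one
# before any of them goes into local.te.
policy_candidates() {
    rules_for_domain "$1" |
        awk '{ split($3, t, ":"); if (t[1] != "file_t" && t[1] != "default_t") print }'
}

echo "== smbd_t: likely labelling problems =="
label_problems smbd_t
echo "== smbd_t: rules to review for local.te =="
policy_candidates smbd_t
```
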


