[Samba] Public shares in FC4 (update)

Don Meyer dlmeyer at uiuc.edu
Sun Feb 26 05:43:36 GMT 2006


Look at your AVC error (below) -- to paraphrase, avc denied search 
for smbd for the name "/".  That is running into a problem accessing 
(traversing) the root directory.   Hence the need to allow "search" 
on default_t.


At 09:30 PM 2/25/2006, Louis E Garcia II wrote:
>I spoke to soon. I am able to get samba working with this but not sure
>if it's correct.
>
>allow smbd_t default_t:dir search;
>
>Would it be better: allow smbd_t samba_share_t:dir search;
>
>and relabel:
>drwxrwsrwx  root     root     system_u:object_r:samba_share_t  public
>
>This seems more secure to me but doesn't work. I still get:
>
>type=AVC msg=audit(1140923608.645:86): avc:  denied  { search } for
>pid=3338 comm="smbd" name="/" dev=hda5 ino=2
>scontext=root:system_r:smbd_t tcontext=system_u:object_r:default_t
>tclass=dir
>...
>why does smbd_t still see system_u:object_t:default_t
>

Don Meyer                                           <dlmeyer at uiuc.edu>
Network Manager, ACES Academic Computing Facility
Technical System Manager, ACES TeleNet System
UIUC College of ACES, Information Technology and Communication Services

   "They that can give up essential liberty to obtain a little 
temporary safety,
         deserve neither liberty or safety."     -- Benjamin Franklin, 1759 



More information about the samba mailing list