[Samba] Public shares in FC4 (update)
Louis E Garcia II
louisg00 at bellsouth.net
Sun Feb 26 07:06:41 GMT 2006
Yes I just realized that. I solved it another way.
When I had this samba couldn't see public. I got avc error saying smbd_t
needed access to default_t
drwxr-xr-x root root system_u:object_r:default_t /data
drwxrwsrwx root root system_u:object_r:samba_share_t /data/public
When I had this samba could see public and it worked.
drwxr-xr-x root root system_u:object_r:samba_share_t /data
drwxrwsrwx root root system_u:object_r:samba_share_t /data/public
I think this is a better solution then to have samba have access to any
new dir with default_t. What do you think?
-Louis
On Sat, 2006-02-25 at 23:43 -0600, Don Meyer wrote:
> Look at your AVC error (below) -- to paraphrase, avc denied search
> for smbd for the name "/". That is running into a problem accessing
> (traversing) the root directory. Hence the need to allow "search"
> on default_t.
>
>
> At 09:30 PM 2/25/2006, Louis E Garcia II wrote:
> >I spoke to soon. I am able to get samba working with this but not sure
> >if it's correct.
> >
> >allow smbd_t default_t:dir search;
> >
> >Would it be better: allow smbd_t samba_share_t:dir search;
> >
> >and relabel:
> >drwxrwsrwx root root system_u:object_r:samba_share_t public
> >
> >This seems more secure to me but doesn't work. I still get:
> >
> >type=AVC msg=audit(1140923608.645:86): avc: denied { search } for
> >pid=3338 comm="smbd" name="/" dev=hda5 ino=2
> >scontext=root:system_r:smbd_t tcontext=system_u:object_r:default_t
> >tclass=dir
> >...
> >why does smbd_t still see system_u:object_t:default_t
> >
>
> Don Meyer <dlmeyer at uiuc.edu>
> Network Manager, ACES Academic Computing Facility
> Technical System Manager, ACES TeleNet System
> UIUC College of ACES, Information Technology and Communication Services
>
> "They that can give up essential liberty to obtain a little
> temporary safety,
> deserve neither liberty or safety." -- Benjamin Franklin, 1759
>
More information about the samba
mailing list