[Samba] samba and selinux help
Mario Remy Almeida
malmeida at isaaviation.ae
Sun Jan 11 17:07:02 GMT 2009
Hi All,
Need help
I am bit confused dont know the bellow access should be given or not.
SElinux is enabled and is in Enforcing mode
I get the bellow error message in audit.log file
I have no problem in browsing the shared folders.
would like to know if there is any configuration mistake in my setup for
the bellow error message to appear.
type=AVC msg=audit(1231692866.771:2843): avc: denied { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692866.771:2843): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=632e3562726b2f35
items=0 ppid=1 pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692866.773:2844): avc: denied { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692866.773:2844): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=0 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692866.887:2845): avc: denied { read } for
pid=8535 comm="winbindd" name="tmp" dev=sda2 ino=2464802
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:usr_t:s0
tclass=lnk_file
type=SYSCALL msg=audit(1231692866.887:2845): arch=c000003e syscall=4
success=no exit=-13 a0=2b9f1381f157 a1=7fffa1373c80 a2=7fffa1373c80
a3=828e070fefd7f9e5 items=0 ppid=1 pid=8535 auid=0 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm="winbindd"
exe="/usr/sbin/winbindd" subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692867.000:2846): avc: denied { search } for
pid=8535 comm="winbindd" name="coolkey" dev=sda2 ino=2172295
scontext=root:system_r:winbind_t:s0
tcontext=system_u:object_r:auth_cache_t:s0 tclass=dir
type=SYSCALL msg=audit(1231692867.000:2846): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f1142f110 a1=4c2 a2=180 a3=0 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692867.066:2847): avc: denied { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692867.066:2847): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=632e3562726b2f35
items=0 ppid=1 pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692867.067:2848): avc: denied { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692867.067:2848): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=0 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.884:2849): avc: denied { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692869.884:2849): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=1 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.885:2850): avc: denied { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692869.885:2850): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=0 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.891:2851): avc: denied { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692869.891:2851): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=2 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.892:2852): avc: denied { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692869.892:2852): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=0 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.894:2853): avc: denied { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692869.894:2853): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=2 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.895:2854): avc: denied { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692869.895:2854): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=0 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.904:2855): avc: denied { read } for
pid=8535 comm="winbindd" name="tmp" dev=sda2 ino=2464802
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:usr_t:s0
tclass=lnk_file
type=SYSCALL msg=audit(1231692869.904:2855): arch=c000003e syscall=4
success=no exit=-13 a0=2b9f1381f157 a1=7fffa1373bc0 a2=7fffa1373bc0
a3=be5795d13ef2ad9f items=0 ppid=1 pid=8535 auid=0 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm="winbindd"
exe="/usr/sbin/winbindd" subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.908:2856): avc: denied { search } for
pid=8535 comm="winbindd" name="coolkey" dev=sda2 ino=2172295
scontext=root:system_r:winbind_t:s0
tcontext=system_u:object_r:auth_cache_t:s0 tclass=dir
type=SYSCALL msg=audit(1231692869.908:2856): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f1146cd90 a1=4c2 a2=180 a3=0 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.915:2857): avc: denied { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692869.915:2857): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=632e3562726b2f35
items=0 ppid=1 pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1231692869.916:2858): avc: denied { read } for
pid=8535 comm="winbindd" name="filesystems" dev=proc ino=4026531844
scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1231692869.916:2858): arch=c000003e syscall=2
success=no exit=-13 a0=2b9f0c4a61d0 a1=0 a2=0 a3=0 items=0 ppid=1
pid=8535 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=3 comm="winbindd" exe="/usr/sbin/winbindd"
subj=root:system_r:winbind_t:s0 key=(null)
############ START OF smb.conf ####################
[global]
workgroup = AIRARABIA
realm = AIRARABIA.COM
netbios name = AA-FTP
server string = Samba File Server
security = ADS
password server = 10.200.2.22
passdb backend = tdbsam
username map = /etc/samba/smbusers
log level = 3
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
preferred master = No
domain master = No
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind separator = +
winbind use default domain = Yes
vscan-clamav:config-file = /etc/samba/vscan-clamav.conf
create mask = 0664
force create mode = 0660
force security mode = 0600
directory mask = 0775
force directory mode = 02770
inherit permissions = Yes
inherit acls = Yes
inherit owner = Yes
cups options = raw
hide unreadable = Yes
vfs objects = vscan-clamav
[Finance]
comment = Finance
path = /home/Finance
read only = No
[I T]
comment = IT
path = /home/IT
read only = No
[SITA]
comment = SITA
path = /home/SITA
read only = No
[Q A]
comment = Q A
path = /home/QA
read only = No
[Operations]
comment = Operations
path = /home/Operations
read only = No
[HR]
comment = HR
path = /home/HR
read only = No
[Marketing]
comment = Marketing
path = /home/Marketing
read only = No
[Investor Relations]
comment = Investor Relations
path = /home/Investor_Relations
read only = No
[Flight Safety]
comment = Flight Safety
path = /home/Flight_Safety
read only = No
[Finance Audit]
comment = Finance Audit
path = /home/Finance_Audit
read only = No
[Dept Heads]
comment = Dept Heads
path = /home/Dept_Heads
read only = No
[Sales]
comment = Sales
path = /home/Sales
read only = No
[Customer Care]
comment = Customer Care
path = /home/Customer_Care
read only = No
[CEO]
comment = CEO
path = /home/CEO
read only = No
[CC Risk Mgmt]
comment = CC Risk Mgmt
path = /home/CC_Risk_Mgmt
read only = No
[Share]
comment = Share
path = /home/Share
read only = No
############ END OF smb.conf ####################
//Remy
More information about the samba
mailing list