[FC5] Samba and SELinux

Dan Thurman dant at cdkkt.com
Tue Apr 11 16:06:21 UTC 2006


On Tue, 2006-04-11 at 08:05 -0400, Stephen Smalley wrote:
> On Mon, 2006-04-10 at 10:01 -0700, Dan Thurman wrote:
> > I su as root initially and in my /root directory
> > and created the "foo" there.  You did not state
> > where to create "foo" so if I did this in the
> > wrong place, please let me know.
> 
> Re-added the list to the cc line above.
> 
> It doesn't matter where you create it - it is just a temporary working
> directory.
> 
> >   I downloaded the
> > checkmodule and installed it earlier so it appears
> > that this time everything works, except that in the
> > tmp file created, I did not get the same files as
> > you may have.  Here is the log of actions:
> > 
> > [dant at copper ~]$ su -
> > Password:
> > [root at copper ~]# mkdir foo
> > [root at copper ~]# cd foo
> > [root at copper foo]# vi local.te
> > [root at copper foo]# touch local.if local.fc
> > [root at copper foo]# make -f /usr/share/selinux/devel/Makefile
> > Compliling targeted local module
> > /usr/bin/checkmodule:  loading policy configuration from tmp/local.tmp
> > /usr/bin/checkmodule:  policy configuration loaded
> > /usr/bin/checkmodule:  writing binary representation (version 5) to
> > tmp/local.mod
> > Creating targeted local.pp policy package
> > rm tmp/local.mod.fc tmp/local.mod
> > [root at copper foo]# ls
> > local.fc  local.if  local.pp  local.te  tmp
> > [root at copper foo]# ls tmp
> > all_interfaces.conf  local.mod.role  local.tmp
> > [root at copper foo]#
> 
> Looks correct to me, and matches what was in my original message.  So
> now you finish the sequence of instructions I provided originally, i.e.
> # semodule -i local.pp
> 
> Then retry accessing /var/www content from samba, and if it still
> doesn't work, check your /var/log/messages file for avc:  denied
> messages.
> 

Ok, I thought the file local.pp was to exist somewhere which I did not
find anywhere.  That was my confusion.

OK I issued:  semodule -i local.pp
and it completed.

I went to a Windows system and I am now able to view /var/www contents.
I am also able to create and delete files and directories.  All is now
working well!

If there is anything else, please let me know.

Kind regards,
Dan
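
The last step quoted above (checking /var/log/messages for avc: denied messages after loading the module) can be scripted. The Python below is an added example, not part of the original thread: the log lines are constructed, and the SELinux types in them (smbd_t, httpd_sys_content_t, httpd_t, user_home_t) are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Constructed sample in the style of kernel AVC records in /var/log/messages.
SAMPLE_LOG = """\
Apr 11 08:30:01 copper kernel: audit(1144769401.123:45): avc:  denied  { read } for  pid=2345 comm="smbd" name="index.html" dev=dm-0 ino=1201 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file
Apr 11 08:30:02 copper kernel: audit(1144769402.456:46): avc:  denied  { search } for  pid=2345 comm="smbd" name="www" dev=dm-0 ino=1200 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
Apr 11 08:30:03 copper smbd[2345]: constructed non-AVC line, must be ignored
Apr 11 08:30:04 copper kernel: audit(1144769404.789:47): avc:  denied  { getattr } for  pid=3001 comm="httpd" name="notes.txt" dev=dm-0 ino=1999 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
Apr 11 08:31:10 copper kernel: audit(1144769470.001:48): avc:  denied  { read } for  pid=2350 comm="smbd" name="about.html" dev=dm-0 ino=1202 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('fields'))}
    rec['perms'] = m.group('perms').split()
    return rec


def type_of(context):
    """Extract the type from a user:role:type[:level] security context."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else context


def summarize(log_text, comm='smbd'):
    """Count denials for one command as (source type, target type, class, perm)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec.get('comm') != comm:
            continue
        key = (type_of(rec.get('scontext', '')),
               type_of(rec.get('tcontext', '')), rec.get('tclass', ''))
        for perm in rec['perms']:
            counts[key + (perm,)] += 1
    return counts


if __name__ == '__main__':
    for (src, tgt, cls, perm), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f'{n:3d}  {src} -> {tgt}:{cls} {{ {perm} }}')
```

An empty result for smbd after `semodule -i local.pp` and a retry from the client means no further denials were logged for that process.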
