[unclassified] Re: Problem getting samba share running

Stephen Smalley sds at tycho.nsa.gov
Thu Nov 15 18:55:16 UTC 2007


On Thu, 2007-11-15 at 10:49 -0800, Knute Johnson wrote:
> >On Wed, 2007-11-14 at 19:32 -0800, Knute Johnson wrote:
> >> No matter what I try, I keep getting a selinux error when I create a 
> >> share in my home directory.  I've enabled home directories and set  
> >> read/write in the booleans, I've set the directory to rw for all 
> >> users, and I've tried several different contexts, samba_share_t, 
> >> public_content_rw_t and at least one other with the same results.  
> >> Here is the message I get:
> >> 
> >> avc: denied { read } for comm=nmbd dev=inotifyfs path=inotify 
> >> pid=3296 scontext=system_u:system_r:nmbd_t:s0 tclass=dir  
> >> tcontext=system_u:object_r:inotifyfs_t:s0
> >> 
> >> I've looked at the tutorials and they all apparently lack some vital  
> >> information that 'every body knows' except me :-).  
> >> 
> >> Any help would be appreciated.
> >
> >inotifyfs is a pseudo filesystem for the kernel's inotify API
> >(monitoring file system events).  You can allow it via a local policy
> >module using audit2allow until it gets added to the default policy.
> >
> >-- 
> >Stephen Smalley
> >National Security Agency
> 
> Stephen:
> 
> Thanks for your response.  I need a little more help.  I managed to 
> create the local.te file but I can't make/reload/ or load it.  The 
> help files I found searching about say I need package selinux-policy-
> targeted-sources.  There doesn't seem to be one of those packages for 
> F8.  Where do I go from here?

The -sources package was only for Fedora <= 4 and RHEL4; Fedora >= 5 and
RHEL5 have loadable policy modules - no need to install or build the
full policy sources anymore.

You can compile that local.te file manually with checkmodule, package it
with semodule_package, and install it with semodule, but the easier way
to do things is:
# audit2allow -M local < /var/log/audit/audit.log (or /var/log/messages
or wherever that avc message appears)
# semodule -i local.pp


-- 
Stephen Smalley
National Security Agency




More information about the fedora-selinux-list mailing list