[unclassified] Re: Problem getting samba share running
Stephen Smalley
sds at tycho.nsa.gov
Thu Nov 15 18:55:16 UTC 2007
On Thu, 2007-11-15 at 10:49 -0800, Knute Johnson wrote:
> >On Wed, 2007-11-14 at 19:32 -0800, Knute Johnson wrote:
> >> No matter what I try, I keep getting a selinux error when I create a
> >> share in my home directory. I've enabled home directories and set
> >> read/write in the booleans, I've set the directory to rw for all
> >> users, and I've tried several different contexts, samba_share_t,
> >> public_content_rw_t and at least one other with the same results.
> >> Here is the message I get:
> >>
> >> avc: denied { read } for comm=nmbd dev=inotifyfs path=inotify
> >> pid=3296 scontext=system_u:system_r:nmbd_t:s0 tclass=dir
> >> tcontext=system_u:object_r:inotifyfs_t:s0
> >>
> >> I've looked at the tutorials and they all apparently lack some vital
> >> information that 'every body knows' except me :-).
> >>
> >> Any help would be appreciated.
> >
> >inotifyfs is a pseudo filesystem for the kernel's inotify API
> >(monitoring file system events). You can allow it via a local policy
> >module using audit2allow until it gets added to the default policy.
> >
> >--
> >Stephen Smalley
> >National Security Agency
>
> Stephen:
>
> Thanks for your response. I need a little more help. I managed to
> create the local.te file but I can't make/reload/ or load it. The
> help files I found searching about say I need package selinux-policy-
> targeted-sources. There doesn't seem to be one of those packages for
> F8. Where do I go from here?
The -sources package was only for Fedora <= 4 and RHEL4; Fedora >= 5 and
RHEL5 have loadable policy modules - no need to install or build the
full policy sources anymore.
You can compile that local.te file manually with checkmodule, package it
with semodule_package, and install it with semodule, but the easier way
to do things is:
# audit2allow -M local < /var/log/audit/audit.log (or /var/log/messages
or wherever that avc message appears)
# semodule -i local.pp
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list