[unclassified] Re: Problem getting samba share running

Knute Johnson knute at frazmtn.com
Thu Nov 15 23:39:18 UTC 2007


>On Thu, 2007-11-15 at 10:49 -0800, Knute Johnson wrote:
>> >On Wed, 2007-11-14 at 19:32 -0800, Knute Johnson wrote:
>> >> No matter what I try, I keep getting a selinux error when I create a 
>> >> share in my home directory.  I've enabled home directories and set  
>> >> read/write in the booleans, I've set the directory to rw for all 
>> >> users, and I've tried several different contexts, samba_share_t, 
>> >> public_content_rw_t and at least one other with the same results.  
>> >> Here is the message I get:
>> >> 
>> >> avc: denied { read } for comm=nmbd dev=inotifyfs path=inotify 
>> >> pid=3296 scontext=system_u:system_r:nmbd_t:s0 tclass=dir  
>> >> tcontext=system_u:object_r:inotifyfs_t:s0
>> >> 
>> >> I've looked at the tutorials and they all apparently lack some vital  
>> >> information that 'everybody knows' except me :-).  
>> >> 
>> >> Any help would be appreciated.
>> >
>> >inotifyfs is a pseudo filesystem for the kernel's inotify API
>> >(monitoring file system events).  You can allow it via a local policy
>> >module using audit2allow until it gets added to the default policy.
>> >
>> >-- 
>> >Stephen Smalley
>> >National Security Agency
>> 
>> Stephen:
>> 
>> Thanks for your response.  I need a little more help.  I managed to 
>> create the local.te file but I can't make/reload/ or load it.  The 
>> help files I found searching about say I need package 
>> selinux-policy-targeted-sources.  There doesn't seem to be one of 
>> those packages for F8.  Where do I go from here?
>
>The -sources package was only for Fedora <= 4 and RHEL4; Fedora >= 5 and
>RHEL5 have loadable policy modules - no need to install or build the
>full policy sources anymore.
>
>You can compile that local.te file manually with checkmodule, package it
>with semodule_package, and install it with semodule, but the easier way
>to do things is:
># audit2allow -M local < /var/log/audit/audit.log (or /var/log/messages
>or wherever that avc message appears)
># semodule -i local.pp

Thanks very much Stephen.  That worked great to get rid of that 
wrinkle.

-- 
Knute Johnson
Molon Labe...
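
The following is an added example, not part of the original messages and not audit2allow's own code: a small parser that turns AVC denials such as the one quoted in this thread into the type-enforcement source of a local module, so the resulting allow rules can be read before anything is loaded. The function names and the constructed sample line (the thread's denial joined onto one line) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the AVC denial quoted in the thread, joined onto one line.
SAMPLE_AVC = (
    "avc: denied { read } for comm=nmbd dev=inotifyfs path=inotify "
    "pid=3296 scontext=system_u:system_r:nmbd_t:s0 tclass=dir "
    "tcontext=system_u:object_r:inotifyfs_t:s0"
)

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD_RE = re.compile(r"(\w+)=(\S+)")

def parse_avc(line):
    """Return (source_type, target_type, tclass, perms), or None if not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(line[m.end():]))
    try:
        # An SELinux context is user:role:type[:level]; the type is the third field.
        src = fields["scontext"].split(":")[2]
        tgt = fields["tcontext"].split(":")[2]
        return src, tgt, fields["tclass"], frozenset(m.group(1).split())
    except (KeyError, IndexError):
        return None

def build_module(lines, name="local"):
    """Merge denials into type-enforcement source for a local policy module."""
    rules = defaultdict(set)
    for line in lines:
        parsed = parse_avc(line)
        if parsed:
            src, tgt, tclass, perms = parsed
            rules[(src, tgt, tclass)] |= perms
    types = sorted({t for s, t_, _ in rules for t in (s, t_)})
    classes = defaultdict(set)
    for (_, _, tclass), perms in rules.items():
        classes[tclass] |= perms
    out = [f"module {name} 1.0;", "", "require {"]
    out += [f"\ttype {t};" for t in types]
    out += [f"\tclass {c} {{ {' '.join(sorted(p))} }};" for c, p in sorted(classes.items())]
    out += ["}", ""]
    for (src, tgt, tclass), perms in sorted(rules.items()):
        out.append(f"allow {src} {tgt}:{tclass} {{ {' '.join(sorted(perms))} }};")
    return "\n".join(out) + "\n"
```

Feeding a whole audit.log to audit2allow -M produces a rule for every denial in that log, so reading the generated local.te before running semodule -i shows exactly which accesses the module grants.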




