Running a script from Samba

[Aleksander Adamowski]

Daniel J Walsh wrote:
> Tony Molloy wrote:
>   
>> This is on Centos not Fedora but that shouldn't matter.
>>
>> If I want Samba to run a script ( logon logout scripts ) what context should I 
>> set the scripts to.
>>
>> Thanks,,
>>
>> Tony
>>     
> /var/lib/samba/scripts(/.*)?
> system_u:object_r:samba_unconfined_script_exec_t:s0
>   

Hi!

I have a problem with this type on Fedora 9 (upgraded from Fedora 8).

I'm trying to rebuild the policy and recompile my custom modules for 
policy version 3.3, but when I try to replace the base policy I get the 
error that this type is not defined:

# semodule -b /usr/share/selinux/targeted/base.pp
libsepol.context_from_record: type samba_unconfined_script_exec_t is not 
defined
libsepol.context_from_record: could not create context structure
libsepol.context_from_string: could not create context structure
libsepol.sepol_context_to_sid: could not convert 
system_u:object_r:samba_unconfined_script_exec_t:s0 to sid
invalid context system_u:object_r:samba_unconfined_script_exec_t:s0
libsemanage.semanage_install_active: setfiles returned error code 1.
semodule:  Failed!

I've removed all my custom modules; my file_contexts.local contains only 
one entry that concerns stunnel:
/usr/bin/stunnel -- system_u:object_r:stunnel_exec_t:s0

I also have the unconfined.pp module unloaded (when it was Fedora 8). 
But when I try to load it back on Fedora 9, I get this error:

# semodule -i /usr/share/selinux/targeted/unconfined.pp
libsepol.permission_copy_callback: Module unconfined depends on 
permission forward_out in class packet, not satisfied
libsemanage.semanage_link_sandbox: Link packages failed
semodule:  Failed!

Which is probably (I think) due to the old base.pp being still used 
because I cannot install the new one because of this problem with Samba 
script type.

Could you suggest a path for getting out of this situation?

-- 
Best Regards,
    Aleksander Adamowski
        GG#: 274614
        ICQ UIN: 19780575 
	http://olo.org.pl