samba and system users home

Vadym Chepkov chepkov at yahoo.com
Thu Aug 13 21:47:55 UTC 2009


Yes, they are mount points.

Sincerely yours,
  Vadym Chepkov


--- On Thu, 8/13/09, Daniel J Walsh <dwalsh at redhat.com> wrote:

> From: Daniel J Walsh <dwalsh at redhat.com>
> Subject: Re: samba and system users home
> To: "Paul Howarth" <paul at city-fan.org>
> Cc: "Vadym Chepkov" <chepkov at yahoo.com>, "Fedora SELinux" <fedora-selinux-list at redhat.com>
> Date: Thursday, August 13, 2009, 5:31 PM
> On 08/13/2009 04:50 PM, Paul Howarth wrote:
> > On Thu, 13 Aug 2009 13:03:41 -0700 (PDT)
> > Vadym Chepkov <chepkov at yahoo.com> wrote:
> > 
> >> Hi,
> >>
> >> Each time anybody tries to access a samba share I get denials like
> >> this:
> >>
> >> type=AVC msg=audit(1250191256.756:26956): avc:  denied  { getattr } for  pid=20508 comm="smbd" path="/var/www" dev=dm-5 ino=2 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
> >>
> >> type=AVC msg=audit(1250191256.756:26955): avc:  denied  { getattr } for  pid=20508 comm="smbd" path="/var/mysql" dev=dm-4 ino=2 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir
> >>
> >> I am not sure why samba is trying to access these directories, it's no
> >> one's home, just a mount point. dovecot generates the same AVCs, but
> >> only when it starts. What is the best way to suppress these? Thanks.
> > 
> > I've been getting these for years too! Well, I've had these in local
> > policy for several releases:
> > 
> > # Samba needs to be able to access stuff under /srv
> > allow smbd_t var_t:dir getattr;
> > 
> > # F11 noise reduction
> > dontaudit smbd_t lost_found_t:dir { getattr read };
> > dontaudit smbd_t squid_cache_t:dir getattr;
> > dontaudit smbd_t mysqld_db_t:dir getattr;
> > 
> > Paul.
> > 
> Are these mountpoints on your system?
> 
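
The triage discussed in this thread, as an added example that is not part of the original messages: it parses AVC records, proposes `dontaudit` rules only for `getattr` on directories that look like mount points, and leaves everything else for manual review. The third sample record is constructed, and treating `ino=2` as a filesystem root is an assumption that holds for ext2/3/4 but not for every filesystem.

```python
import re
from collections import defaultdict

# Sample input: the two records quoted in the thread, plus one constructed
# record (a write to a regular file) that must not be silenced.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1250191256.756:26956): avc:  denied  { getattr } for  pid=20508 comm="smbd" path="/var/www" dev=dm-5 ino=2 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1250191256.756:26955): avc:  denied  { getattr } for  pid=20508 comm="smbd" path="/var/mysql" dev=dm-4 ino=2 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir
type=AVC msg=audit(1250191300.100:27001): avc:  denied  { write } for  pid=20508 comm="smbd" path="/var/www/index.html" dev=dm-5 ino=4711 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
HARMLESS = {"getattr"}  # only a stat() of the directory, no content access

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    rec["perms"] = set(m.group("perms").split())
    rec["source"] = rec["scontext"].split(":")[2]  # user:role:type:level
    rec["target"] = rec["tcontext"].split(":")[2]
    return rec

def triage(log_text):
    """Split denials into proposed dontaudit rules and records to review."""
    quiet, review = defaultdict(set), []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        is_fs_root = rec.get("ino") == "2"  # assumption: ext2/3/4 root inode
        if rec["tclass"] == "dir" and is_fs_root and rec["perms"] <= HARMLESS:
            quiet[(rec["source"], rec["target"])] |= rec["perms"]
        else:
            review.append(rec)
    rules = sorted(
        f"dontaudit {src} {tgt}:dir {{ {' '.join(sorted(perms))} }};"
        for (src, tgt), perms in quiet.items()
    )
    return rules, review

if __name__ == "__main__":
    rules, review = triage(SAMPLE_AUDIT_LOG)
    print("\n".join(rules))
    for rec in review:
        print("# review by hand:", rec["path"], sorted(rec["perms"]))
```

Each emitted rule silences `getattr` on every directory of the target type, not only the mount point itself, which is why anything beyond `getattr` is left for manual review.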



