Henning Larsen wrote:
On Thu, 2008-01-31 at 11:32 -0600, Arthur Pemberton wrote:
> On Jan 31, 2008 11:22 AM, Henning Larsen <hennlar(a)start.no> wrote:
>> Hello
>> On Thu, 2008-01-31 at 11:14 -0600, Arthur Pemberton wrote:
>>> On Jan 31, 2008 4:08 AM, Henning Larsen <hennlar(a)start.no> wrote:
>>>> Hello
>>>>
>>>> I get an alert from selinux, telling me to do:
>>>>
>>>> 'setsebool -P samba_export_all_ro=1'
>>>>
>>>> I did, but still cannot connect to the share from other PCs.
>>>> Do I have to reboot?
>>>>
>>>> PS: all booleans for samba are selected in selinux administration.
>>>>
>>>> Henning Larsen
>>>
>>> Are you still getting alerts?
>>>
>> After doing that setsebool -P samba.... I still get alerts, but I found
>> one solution via google, like this:
>>
>> # grep fusefs_t /var/log/audit/audit.log | audit2allow -M mysamba
>> # semodule -i mysamba.pp
>>
>> This removes the alert, but I think it is not the proper way.
>> Maybe it is a bug?
>> If so, how do I remove the modification I have made, when the bug is
>> fixed?
>>
>> Thanks for helping.
>
> It's definitely not the proper way for a program as popular as Samba. I
> have it running on a machine with SELinux myself so I know it works.
>
> Do you have setroubleshoot installed? It helps troubleshoot these
> issues, often suggesting exactly what to do and describing what
> happened as much as possible.
>
> If you still have the full description of the issue, paste it here. If
> we can't understand it, try the selinux mailing list.

I do not have the full report, since it is gone because of what I did to
get rid of the alert.

I have setroubleshoot installed and it told me to do:

'setsebool -P samba_export_all_ro=1'

I did, but it kept telling me to do the same thing.

The share is ntfs on usb. I should try to share an ordinary filesystem,
but the alert has gone after doing:

# grep fusefs_t /var/log/audit/audit.log | audit2allow -M mysamba
# semodule -i mysamba.pp

I do not know how to reverse this.

btw, I can live with it since the alert has gone and I use enforcing
mode.

Thanks

Henning Larsen

Please attach the avc messages that you generated policy for. Looks
like you are using samba to share an NFS partition off of a unix box?
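
An added example, not part of the original thread: before posting the AVC messages a module was generated from, it helps to see which access they describe. The function below condenses the denials against one target type into allow-rule form. The names `sample_audit_log` and `avc_summary` are hypothetical, and the log lines are constructed samples, not Henning's.

```shell
#!/bin/sh
# Constructed sample audit.log lines (not taken from the thread).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1201774932.101:45): avc:  denied  { read } for  pid=2345 comm="smbd" name="docs" dev=sdb1 ino=5 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=AVC msg=audit(1201774932.105:46): avc:  denied  { search } for  pid=2345 comm="smbd" name="docs" dev=sdb1 ino=5 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=AVC msg=audit(1201774933.220:47): avc:  denied  { getattr read } for  pid=2345 comm="smbd" name="a.txt" dev=sdb1 ino=9 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=file
type=AVC msg=audit(1201774934.000:48): avc:  denied  { read } for  pid=2345 comm="smbd" name="b.txt" dev=dm-0 ino=77 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1201774935.000:49): avc:  denied  { read } for  pid=2345 comm="smbd" name="docs" dev=sdb1 ino=5 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
EOF
}

# avc_summary TARGET_TYPE  (audit log on stdin)
# Prints one rule per (source type, target type, class) with the denied
# permissions merged, so the scope of a generated module can be reviewed.
avc_summary() {
    awk -v want="$1" '
    /avc: +denied/ {
        perms = ""; src = ""; tgt = ""; cls = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "{") {
                # permissions are the words between "{" and "}"
                for (j = i + 1; j <= NF && $j != "}"; j++) perms = perms " " $j
            } else if ($i ~ /^scontext=/) { split($i, c, ":"); src = c[3] }
            else if ($i ~ /^tcontext=/)   { split($i, c, ":"); tgt = c[3] }
            else if ($i ~ /^tclass=/)     { cls = substr($i, 8) }
        }
        if (tgt != want || src == "" || cls == "") next
        key = src " " tgt ":" cls
        n = split(perms, p, " ")
        for (k = 1; k <= n; k++)
            if (!((key, p[k]) in seen)) {
                seen[key, p[k]] = 1
                rule[key] = rule[key] " " p[k]
            }
    }
    END { for (key in rule) print "allow " key " {" rule[key] " };" }
    ' | sort
}

sample_audit_log | avc_summary fusefs_t
```

On a real system the input would be `/var/log/audit/audit.log`. A module loaded with `semodule -i mysamba.pp` is unloaded again with `semodule -r mysamba`.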