Fedora Linux Support Community & Resources Center

Go Back   FedoraForum.org > Fedora 19/20 > Security and Privacy
FedoraForum Search

Forgot Password? Join Us!

Security and Privacy Sadly, malware, spyware, hackers and privacy threats abound in today's world. Let's be paranoid and secure our penguins, and slam the doors on privacy exploits.

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 24th December 2007, 09:25 PM
yaperp Offline
Registered User
 
Join Date: Dec 2007
Posts: 1
SELinux blocking file sharing

when i use samba to share a folder with the following command:
Code:
net usershare add share_1 /home/dennis/Desktop/junk "" dennis:F guest_ok=y
settroubleshoot tells me:
Code:
Summary
    SELinux is preventing /usr/bin/net (samba_net_t) "read" to <Unknown>
    (samba_share_t).

Detailed Description
    SELinux denied access requested by /usr/bin/net. It is not expected that
    this access is required by /usr/bin/net and this access may signal an
    intrusion attempt. It is also possible that the specific version or
    configuration of the application is causing it to require additional access.

Allowing Access
    Sometimes labeling problems can cause SELinux denials.  You could try to
    restore the default system file context for <Unknown>, restorecon -v
    <Unknown> If this does not work, there is currently no automatic way to
    allow this access. Instead,  you can generate a local policy module to allow
    this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
    Or you can disable SELinux protection altogether. Disabling SELinux
    protection is not recommended. Please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Additional Information        

Source Context                unconfined_u:system_r:samba_net_t:s0-s0:c0.c1023
Target Context                system_u:object_r:samba_share_t:s0
Target Objects                None [ dir ]
Affected RPM Packages         samba-common-3.0.28-0.fc8 [application]
Policy RPM                    selinux-policy-3.0.8-72.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall_file
Host Name                     desk1.home
Platform                      Linux desk1.home 2.6.23.9-85.fc8 #1 SMP Fri Dec 7
                              15:49:36 EST 2007 x86_64 x86_64
Alert Count                   37
First Seen                    Mon 24 Dec 2007 09:48:44 AM EST
Last Seen                     Mon 24 Dec 2007 04:20:26 PM EST
Local ID                      c3e737fd-f50c-4192-9d35-cc74a7a57c31
Line Numbers                  

Raw Audit Messages            

avc: denied { read } for comm=net dev=dm-0 egid=500 euid=500 exe=/usr/bin/net
exit=-13 fsgid=500 fsuid=500 gid=500 items=0 name=usershares pid=4511
scontext=unconfined_u:system_r:samba_net_t:s0-s0:c0.c1023 sgid=500
subj=unconfined_u:system_r:samba_net_t:s0-s0:c0.c1023 suid=500 tclass=dir
tcontext=system_u:object_r:samba_share_t:s0 tty=(none) uid=500
when selinux is in permissive mode, I can share this folder. In Enforcing mode I can not.


The following is the security contex of /var/lib/samba/usershares

Code:
drwxrwx--T  root dennis system_u:object_r:samba_share_t:s0 usershares
contents of /etc/selinux/targeted/modules/active/booleans.local

Code:
use_nfs_home_dirs=1
use_samba_home_dirs=1
samba_enable_home_dirs=1
samba_export_all_rw=0
samba_export_all_ro=0
Any help would be appreciated.
Reply With Quote
  #2  
Old 25th December 2007, 12:51 AM
Frank616 Offline
Registered User
 
Join Date: Dec 2007
Location: Alberta, Canada
Posts: 121
I am a junior member here who is also searching this forum trying to get Samba to work. I came across this post saying that unless you are using SELinux in permissive mode, you won't get a connection. Maybe something there will help you.

http://forums.fedoraforum.org/forum/...+configuration

Frank.
Reply With Quote
Reply

Tags
blocking, file, selinux, sharing

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
SELinux blocking synce MrMagoo Security and Privacy 9 13th July 2009 07:09 PM
SELinux Blocking wpa_supplicant NTICompass Security and Privacy 7 6th October 2008 10:05 AM
SELinux is blocking.........what? Judy Using Fedora 7 1st February 2008 12:06 AM
SELinux is blocking.........what? Judy Using Fedora 5 30th December 2007 11:01 PM


Current GMT-time: 23:39 (Thursday, 31-07-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat