Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 589713 Details for
Bug 829139
SELinux is preventing nmbd from using the 'dac_override' capabilities.
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
File: description
description (text/plain), 2.47 KB, created by
Rafal Boruc
on 2012-06-06 05:00:44 UTC
(
hide
)
Description:
File: description
Filename:
MIME Type:
Creator:
Rafal Boruc
Created:
2012-06-06 05:00:44 UTC
Size:
2.47 KB
patch
obsolete
>SELinux is preventing nmbd from using the 'dac_override' capabilities. > >***** Plugin dac_override (91.4 confidence) suggests *********************** > >If aby pomóc ustaliÄ, czy domena wymaga tego dostÄpu lub w systemie istnieje plik z bÅÄdnymi uprawnieniami >Then należy wÅÄ czyÄ audyt, aby uzyskaÄ informacje o Åcieżce problemowego pliku i ponownie utworzyÄ bÅÄ d. >Do > >WÅÄ czenie peÅnego audytu ># auditctl -w /etc/shadow -p w >Próba ponownego utworzenia AVC. NastÄpnie wykonanie polecenia ># ausearch -m avc -ts recent >JeÅli widoczny jest wpis ÅCIEÅ»KI, należy sprawdziÄ wÅaÅciciela/uprawnienia pliku, a nastÄpnie je naprawiÄ. W przeciwnym wypadku należy zgÅosiÄ bÅÄ d w Bugzilli. > >***** Plugin catchall (9.59 confidence) suggests *************************** > >If jeÅli nmbd powinno mieÄ domyÅlnie możliwoÅÄ dac_override. >Then proszÄ to zgÅosiÄ jako bÅÄ d. >Można utworzyÄ lokalny moduÅ polityki, aby umożliwiÄ ten dostÄp. >Do >można tymczasowo zezwoliÄ na ten dostÄp wykonujÄ c polecenia: ># grep nmbd /var/log/audit/audit.log | audit2allow -M mojapolityka ># semodule -i mojapolityka.pp > >Additional Information: >Source Context system_u:system_r:nmbd_t:s0 >Target Context system_u:system_r:nmbd_t:s0 >Target Objects [ capability ] >Source nmbd >Source Path nmbd >Port <Nieznane> >Host (removed) >Source RPM Packages >Target RPM Packages >Policy RPM selinux-policy-3.10.0-128.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name (removed) >Platform Linux (removed) 3.3.7-1.fc17.i686 #1 SMP Mon May 21 > 22:50:24 UTC 2012 i686 i686 >Alert Count 4 >First Seen Åro, 6 cze 2012, 04:24:35 >Last Seen Åro, 6 cze 2012, 05:41:52 >Local ID eb0ff3a3-eaaa-48f6-9f16-4a2fb94442c0 > >Raw Audit Messages >type=AVC msg=audit(1338957712.841:42): avc: denied { dac_override } for pid=897 comm="nmbd" capability=1 scontext=system_u:system_r:nmbd_t:s0 tcontext=system_u:system_r:nmbd_t:s0 tclass=capability > > >Hash: nmbd,nmbd_t,nmbd_t,capability,dac_override > >audit2allowunable to open /sys/fs/selinux/policy: Permission denied > > >audit2allow -Runable to open /sys/fs/selinux/policy: Permission denied > >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=589713">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 829139
: 589713