| Summary: | SELinux is preventing smbd from 'lock' accesses on the file /home/scans/scan.pdf. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Fred Odendaal <fred.odendaal> |
| Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 25 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl, plautrba, pmoore, ssekidde |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:6a3b941a06aa43627c4848d172c4a16041101322928572c06cdf78488dad2af4;VARIANT_ID=workstation; | ||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-12-06 16:54:33 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
***** Plugin restorecon (85.9 confidence) suggests ************************ If you want to fix the label. /home/scans/scan.pdf default label should be user_home_t. Then you can run restorecon. Do # /sbin/restorecon -v /home/scans/scan.pdf Adn then enable samba_enable_home_dirs boolean: # setsebool -P samba_enable_home_dirs 1 |
Description of problem: Trying to scan from network printer to samba shared folder. Get error message at printer indicating wrong credentials. SELinux indicates error with smbd trying to lock file. SELinux is preventing smbd from 'lock' accesses on the file /home/scans/scan.pdf. ***** Plugin restorecon (85.9 confidence) suggests ************************ If you want to fix the label. /home/scans/scan.pdf default label should be user_home_t. Then you can run restorecon. Do # /sbin/restorecon -v /home/scans/scan.pdf ***** Plugin catchall_boolean (7.33 confidence) suggests ****************** If you want to allow samba to export all ro Then you must tell SELinux about this by enabling the 'samba_export_all_ro' boolean. You can read 'None' man page for more details. Do setsebool -P samba_export_all_ro 1 ***** Plugin catchall_boolean (7.33 confidence) suggests ****************** If you want to allow samba to export all rw Then you must tell SELinux about this by enabling the 'samba_export_all_rw' boolean. You can read 'None' man page for more details. Do setsebool -P samba_export_all_rw 1 ***** Plugin catchall (1.35 confidence) suggests ************************** If you believe that smbd should be allowed lock access on the scan.pdf file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'smbd' --raw | audit2allow -M my-smbd # semodule -X 300 -i my-smbd.pp Additional Information: Source Context system_u:system_r:smbd_t:s0 Target Context system_u:object_r:home_root_t:s0 Target Objects /home/scans/scan.pdf [ file ] Source smbd Source Path smbd Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-191.21.fc24.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 4.8.10-200.fc24.x86_64 #1 SMP Mon Nov 21 17:55:46 UTC 2016 x86_64 x86_64 Alert Count 4 First Seen 2016-12-02 12:15:49 EST Last Seen 2016-12-02 13:28:18 EST Local ID f45e25f9-c656-4f08-9232-88809b971685 Raw Audit Messages type=AVC msg=audit(1480703298.972:353): avc: denied { lock } for pid=15832 comm="smbd" path="/home/scans/scan.pdf" dev="sdb3" ino=2621475 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=file permissive=1 Hash: smbd,smbd_t,home_root_t,file,lock Version-Release number of selected component: selinux-policy-3.13.1-191.21.fc24.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.8.10-300.fc25.x86_64 type: libreport Potential duplicate: bug 906850