Bug 144959
Summary: | Samba capability issues | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Ivan Gyurdiev <ivg231> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED RAWHIDE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-01-20 18:37:30 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ivan Gyurdiev
2005-01-13 00:30:40 UTC
"I think I'll go give strict policy another shot... let's see how that goes..." Maybe not - where are all the booleans for samba home dirs, etc.. Strict policy has a lot less boleans shown under samba-security-level. Run it in permissive mode for a while and then give me the AVC Messages. I have added the dac permissions. Dan What am I looking for? I tried reading/writing/creating/deleting files and directories, looking at content from windows, mounting shares, and doing nmblookup - nothing out of the usual... or should I leave it on for a longer time.. Actually I can't really reproduce the dac messages consistently anymore either. They used to show up when I restarted smb, but now they don't, and I just saw a single case of dac_override. ...or did you just want me to test the strict policy in permissive mode? Sorry if I misunderstood :) Yes I want you to run all your tests in permissive mode and then get me the AVC messages. That way I am not fixing them one at a time. But it looks like you already did most of the testing and all you found is the two dac errors. Dan Yes, I have seen no other errors. Why doesn't the strict policy show all the booleans (and smbd_enable_home_dirs in particular)? Is that intentional? getsebool -a should show all booleans |