Bug 858739
Summary: | SELinux is preventing /usr/sbin/smbd from 'getattr' accesses on the file /usr/sbin/ssmtp. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Raman Gupta <rocketraman> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED CANTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 16 | CC: | abokovoy, asn, dominick.grift, dwalsh, gdeschner, jlayton, mgrepl, sbose, ssorce |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Unspecified | ||
Whiteboard: | abrt_hash:c524843c4af30fb88ed50724dae81c3387c183342b96bde5bd553559cdd80be6 | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-10-02 10:06:28 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Raman Gupta
2012-09-19 14:39:32 UTC
What are you exactly doing? Are you sharing this files using samba or smbd wants to execute ssmtp? No, as far as I can tell, there should be no reason at all for samba to need access to /usr/sbin/smbd. Here is my smb.conf file: http://pastebin.com/6m1UHdcm As you can see, /usr/sbin is not shared. Note also, that pretty much at the same time, I got two other alerts: Bug 858738 Bug 858740 None of these directories are shared by samba and I can see no reason for it to access them, except that it might be a bug in smbd. (In reply to comment #2) > No, as far as I can tell, there should be no reason at all for samba to need > access to /usr/sbin/smbd. That should of course be /usr/sbin/ssmtp. Does SAMBA use /usr/sbin/ssmtp? No, it doesn't. Could you reopen if this happens again. Thank you. I got this again today, along with the other two reported above (pretty much exactly the same -- smbd access to /usr/bin/wodim, /usr/sbin/ssmtp, and then /usr/share/man. I think it happens when I plug in my android phone to my USB port and have VMWare running (VMWare is running a Windows virtual machine that uses samba to connect to the host). I have no idea why plugging in a USB device would cause the virtual machine to somehow get smbd to do these accesses however. Seems very strange to me. This sounds more like a virus or trojan. Without useful logfiles and network captures we can't do anything. Raman, you can dontaudit them # grep smbd /var/log/audit/audit.log | audit2allow -D -M mypol # semodule -i mypol.pp |