From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Description of problem:
Samba needs all shares to be have the selinux label samba_share_t, which is documented in the samba_selinux man page, but nothing points new FC4 users to that manpage.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Install a new FC4 system.
Create new directory structure for samba.
Share new directories.
Map shares from client, try to use files.
Actual Results: Maps ok, but cannot read/write any files.
Expected Results: Should have mapped and worked as in previous versions of linux.
Should at least have a one-liner in the README.
Same problem exists for ftpd, httpd, et al.: the problem and solution are documented, but no way for new users to find that documentation.
This should be noted in the release notes.
Assigning to relnotes@ and setting to block both the FC4 relnotes tracker bug
and the general SELinux FAQ tracker bug.
Is this content still relevant? Looking to close the bug if it's old news.
cc'ing dwalsh since it's selinux related
Karsten, is it in the release notes for FC4/FC5?
Here is the Samba section active for FC5:
I don't think this has been in any of the relnotes.
The problem is, where to put it so that makes sense. How can the user know that
it is an SELinux permission?
The release notes are not reference documentation, they should point at other
I filed a bugreport because there was NO WAY for me to discover, on my own,
what the problem was without being familiar, a priori, with SELinux - and FC4
is/was the first time many (most?) users were exposed to SELinux.
I think a one-liner (as suggested in my original bug report :-) in the SELinux
section mentioning the existence of the samba_selinux, ftp_selinux, et al.
manpages would be adequate.
e.g., at the end of the SELinux notes, put:
"(For further information on how SELinux affects some common system daemons,
please see the samba_selinux(1), ftp_selinux(1), and httpd_selinux(1)
I'm not sure if any of those other than samba_selinux actually exist, but you
get the idea...
This information is now linked from the Security/SELinux beat, through the
canonical SELinux info on the wiki.