Bug 201984 - users can't acces her home dir's via samba
users can't acces her home dir's via samba
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
5
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-08-10 03:33 EDT by Frank Büttner
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-08-10 09:23:25 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Frank Büttner 2006-08-10 03:33:07 EDT
Description of problem:
When an user try to access his home dir of an FC5 system where setenforce=1 is
set, that it will fail.
When setenforce=0 it works. But then selinux is useless.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.3.3-8.fc5

How reproducible:
every time

Steps to Reproduce:
1. On an other system try to mount the home dir on tge FC5 system via
mount.cifs //fc5system/testuser /tmp/test
 
Actual results:
mount fails

Expected results:
mounted home dir.

Additional info:
smb.conf:
[homes]
        comment = Home Directories
        writeable = yes
        browseable = No
        guest ok = yes

log of audit.log
type=AVC msg=audit(1155195411.631:297): avc:  denied  { search } for  pid=3501
comm="smbd" name="home" dev=md1 ino=5696065 scontext=system_u:system_r:smbd_t:s0
tcontext=system_u:object_r:home_root_t:s0 tclass=dir
type=SYSCALL msg=audit(1155195411.631:297): arch=40000003 syscall=195 success=no
exit=-13 a0=9227178 a1=bfbc7920 a2=3a6ff4 a3=bfbc7920 items=1 pid=3501
auid=4294967295 uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=100 sgid=0
fsgid=100 tty=(none) comm="smbd" exe="/usr/sbin/smbd"
subj=system_u:system_r:smbd_t:s0
type=CWD msg=audit(1155195411.631:297):  cwd="/"
type=PATH msg=audit(1155195411.631:297): item=0 name="/home/testuser"
parent=4223225 dev=09:01 mode=040755 ouid=0 ogid=0 rdev=00:00
obj=system_u:object_r:samba_var_t:s0
type=AVC msg=audit(1155195411.815:298): avc:  denied  { search } for  pid=3502
comm="smbd" name="home" dev=md1 ino=5696065 scontext=system_u:system_r:smbd_t:s0
tcontext=system_u:object_r:home_root_t:s0 tclass=dir
type=SYSCALL msg=audit(1155195411.815:298): arch=40000003 syscall=195 success=no
exit=-13 a0=9226ed8 a1=bfbc7920 a2=3a6ff4 a3=bfbc7920 items=1 pid=3502
auid=4294967295 uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=100 sgid=0
fsgid=100 tty=(none) comm="smbd" exe="/usr/sbin/smbd"
subj=system_u:system_r:smbd_t:s0
type=CWD msg=audit(1155195411.815:298):  cwd="/"
type=PATH msg=audit(1155195411.815:298): item=0 name="/home/testuser"
parent=4223225 dev=09:01 mode=040755 ouid=0 ogid=0 rdev=00:00
obj=system_u:object_r:samba_var_t:s0
Comment 1 Daniel Walsh 2006-08-10 09:23:05 EDT
You need to turn on the samba_enable_home_dirs boolean

setsebool -P samba_enable_home_dirs=1

man samba_selinux



Note You need to log in before you can comment on or make changes to this bug.