210768 – SELinux targeted policy breaks SMB share

Bug 210768 - SELinux targeted policy breaks SMB share

Summary: SELinux targeted policy breaks SMB share

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-10-14 16:28 UTC by W. Michael Petullo
Modified:	2007-11-30 22:11 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-10-14 16:58:37 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Audit log -- attempt to mount homes with SELinux enabled (1.07 KB, application/octet-stream) 2006-10-14 16:30 UTC, W. Michael Petullo	no flags	Details
Audit log -- attempt to mount shared with SELinux enabled (1.04 KB, application/octet-stream) 2006-10-14 16:32 UTC, W. Michael Petullo	no flags	Details
Audit log -- attempt to mount homes with SELinux permissive (6.91 KB, application/octet-stream) 2006-10-14 16:33 UTC, W. Michael Petullo	no flags	Details
Audit log -- attempt to mount shared with SELinux permissive (1.05 KB, application/octet-stream) 2006-10-14 16:35 UTC, W. Michael Petullo	no flags	Details
View All

Description W. Michael Petullo 2006-10-14 16:28:06 UTC

Description of problem:
I have two SMB shares, homes and shared.  When SELinux is enforcing its targeted
policy, Samba is unable to export these shares.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.3.18-10

How reproducible:
Every time

Steps to Reproduce:
1. Set SELinux to enforce its targeted policy.
2. Attempt to access SMB shares from another computer.
  
Actual results:
The shares cannot be accessed.

Expected results:
The shares should be accessible from a remote machine.

Additional info:
I use Kerberos to authenticate and LDAP for netowrk information.  Everything
works fine when SELinux is in permissive mode.

Comment 1 W. Michael Petullo 2006-10-14 16:30:54 UTC

Created attachment 138511 [details]
Audit log -- attempt to mount homes with SELinux enabled

Comment 2 W. Michael Petullo 2006-10-14 16:32:48 UTC

Created attachment 138512 [details]
Audit log -- attempt to mount shared with SELinux enabled

Comment 3 W. Michael Petullo 2006-10-14 16:33:44 UTC

Created attachment 138513 [details]
Audit log -- attempt to mount homes with SELinux permissive

Comment 4 W. Michael Petullo 2006-10-14 16:35:08 UTC

Created attachment 138514 [details]
Audit log -- attempt to mount shared with SELinux permissive

Comment 5 W. Michael Petullo 2006-10-14 16:58:37 UTC

Oops:

setsebool samba_enable_home_dirs on
chcon -R -t samba_share_t <PATH TO SHARE>

Sorry about the noise.

Note You need to log in before you can comment on or make changes to this bug.