See http://catb.org/~esr/doclifter/problems.html for details on how and why these patches were generated. Feel free to email me with any questions. Problems with selinux.8: 1. Use of low-level troff hackery to set special indents or breaks can't be translated. The page will have rendering faults in HTML, and probably also under third-party man page browsers such as Xman, TkMan, Rosetta, and the KDE help browser. --- selinux.8-orig 2007-01-02 18:00:50.000000000 -0500 +++ selinux.8 2007-01-02 18:01:24.000000000 -0500 @@ -62,14 +62,13 @@ .B system-config-securitylevel allows customization of these booleans and tunables. -.br Many domains that are protected by SELinux also include selinux man pages explainging how to customize their policy. .SH FILE LABELING All files, directories, devices ... have a security context/label associated with them. These context are stored in the extended attributes of the file system. Problems with SELinux often arise from the file system being mislabeled. This can be caused by booting the machine with a non selinux kernel. If you see an error message containing file_t, that is usually a good indicator that you have a serious problem with file system labeling. -.br + The best way to relabel the file system is to create the flag file /.autorelabel and reboot. system-config-securitylevel, also has this capability. The restorcon/fixfiles commands are also available for relabeling files. .SH AUTHOR ----------------------------- Problems with samba_selinux.8: 1. Use of low-level troff hackery to set special indents or breaks can't be translated. The page will have rendering faults in HTML, and probably also under third-party man page browsers such as Xman, TkMan, Rosetta, and the KDE help browser. --- samba_selinux.8-orig 2007-01-02 18:03:55.000000000 -0500 +++ samba_selinux.8 2007-01-02 18:05:23.000000000 -0500 
@@ -17,7 +17,7 @@ If you want to make this permanant, i.e. survive a relabel, you must add an entry to the file_contexts.local file. .TP /etc/selinux/POLICYTYPE/contexts/files/file_contexts.local -.br +.TP /var/eng(/.*)? system_u:object_r:samba_share_t .SH SHARING FILES @@ -26,27 +26,27 @@ setsebool -P allow_smbd_anon_write=1 .SH BOOLEANS -.br SELinux policy is customizable based on least access required. So by default SElinux policy turns off SELinux sharing of home directories and the use of Samba shares from a remote machine as a home directory. .TP If you are setting up this machine as a Samba server and wish to share the home directories, you need to set the samba_enable_home_dirs boolean. -.br - +.RS setsebool -P samba_enable_home_dirs 1 +.RE .TP If you want to use a remote Samba server for the home directories on this machine, you must set the use_samba_home_dirs boolean. -.br - +.RS setsebool -P use_samba_home_dirs 1 +.RE .TP You can disable SELinux protection for the samba daemon by executing: -.br - +.RS +.nf setsebool -P smbd_disable_trans 1 -.br -service smb restart +Gservice smb restart +.fi +.RE .TP system-config-securitylevel is a GUI tool available to customize SELinux policy settings.
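Review bot: in selinux.8 (hunk @@ -62,14 +62,13 @@) the two `.br` requests are handled differently. The one before "Many domains that are protected by SELinux" is deleted with nothing in its place, so that sentence now runs on from "allows customization of these booleans and tunables.", while the one before "The best way to relabel the file system" becomes a blank line. If both were meant as paragraph breaks, use `.PP` in both places, which is a structural macro rather than raw vertical space. The unchanged context lines in this hunk also carry "explainging" and "restorcon/fixfiles"; the command is restorecon, and both are worth correcting while the page is being touched.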
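Review bot: in samba_selinux.8 (hunk @@ -17,7 +17,7 @@) replacing `.br` with `.TP` makes the example entry `/var/eng(/.*)? system_u:object_r:samba_share_t` the tag of a second tagged paragraph that has no body, directly before `.SH SHARING FILES`, and it leaves the preceding `.TP` for the file_contexts.local path without a body as well. The entry is the content that goes into that file, so it would read better as an indented display under the path, using the same `.RS` / `.nf` ... `.fi` / `.RE` form that the next hunk uses for commands.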
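Review bot: in samba_selinux.8 (hunk @@ -26,27 +26,27 @@) the added line `+Gservice smb restart` has a stray leading "G"; the line it replaces is `service smb restart`. As submitted, the rendered page will show a command that does not exist, directly after `setsebool -P smbd_disable_trans 1`, so the "G" needs to be dropped before this is applied.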
Ok, I have cleaned these up in rawhide, and will backport to fc7