Bug 234690 - SELinux is preventing /usr/sbin/nmbd (nmbd_t) "search" to lib (var_lib_t).
SELinux is preventing /usr/sbin/nmbd (nmbd_t) "search" to lib (var_lib_t).
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: samba (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Samba Maint Team
David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-03-31 07:02 EDT by David Bentley
Modified: 2007-11-30 17:12 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-04-14 15:53:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Bentley 2007-03-31 07:02:55 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3) Gecko/20070325 Firefox/2.0.0.3

Description of problem:
SELinux denied access requested by /usr/sbin/nmbd. It is not expected that this access is required by /usr/sbin/nmbd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Version-Release number of selected component (if applicable):
samba-3.0.24-9.fc7

How reproducible:
Always


Steps to Reproduce:
start the nmb daemon

Actual Results:
avc denial messages in selinux troubleshooter

Expected Results:


Additional info:
Source Context:  root:system_r:nmbd_t
Target Context:  system_u:object_r:var_lib_t
Target Objects:  lib [ dir ]
Affected RPM Packages:  samba-3.0.24-9.fc7 [application]filesystem-2.4.3-1.fc7 [target]
Policy RPM:  selinux-policy-2.5.10-2.fc7
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Enforcing
Plugin Name:  plugins.catchall_file
Host Name:  bentledr-xeon
Platform:  Linux bentledr-xeon 2.6.20-1.3025.fc7 #1 SMP Wed Mar 28 20:33:47 EDT 2007 i686 i686
Alert Count:  20
First Seen:  Sat 31 Mar 2007 09:49:04 AM BST
Last Seen:  Sat 31 Mar 2007 11:46:03 AM BST
LocalID:  81674bea-09e1-4043-82f5-7aeb36f694ef
Line Numbers: 
 
Raw Audit Messages 

:avc: denied { search } for comm="nmbd" dev=dm-0 egid=0 euid=0 exe="/usr/sbin/nmbd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="lib" pid=4783 scontext=root:system_r:nmbd_t:s0 sgid=0 subj=root:system_r:nmbd_t:s0 suid=0 tclass=dir tcontext=system_u:object_r:var_lib_t:s0 tty=(none) uid=0 

The above cut and pasted from setroubleshoot browser and edited to be more readable

Note You need to log in before you can comment on or make changes to this bug.