Bug 244272 - SELinux is preventing samba (/usr/sbin/smbd) "append" to /var/log/samba/log.smbd (samba_log_t).
Summary: SELinux is preventing samba (/usr/sbin/smbd) "append" to /var/log/samba/log.s...
Status: CLOSED DUPLICATE of bug 244273
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
(Show other bugs)
Version: 7
Hardware: All Linux
low
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-06-14 19:38 UTC by Jonathan Underwood
Modified: 2007-11-30 22:12 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-06-14 20:22:58 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Jonathan Underwood 2007-06-14 19:38:01 UTC
Summary
    SELinux is preventing samba (/usr/sbin/smbd) "append" to
    /var/log/samba/log.smbd (samba_log_t).

Detailed Description
    SELinux denied samba access to /var/log/samba/log.smbd. If you want to share
    this directory with samba it has to have a file context label of
    samba_share_t. If you did not intend to use /var/log/samba/log.smbd as a
    samba repository it could indicate either a bug or it could signal a
    intrusion attempt.

Allowing Access
    You can alter the file context by executing chcon -R -t samba_share_t
    /var/log/samba/log.smbd

    The following command will allow this access:
    chcon -R -t samba_share_t /var/log/samba/log.smbd

Additional Information        

Source Context                user_u:system_r:smbd_t
Target Context                user_u:object_r:samba_log_t
Target Objects                /var/log/samba/log.smbd [ file ]
Affected RPM Packages         samba-3.0.25a-3.fc7 [application]
Policy RPM                    selinux-policy-2.6.4-12.fc7
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.samba_share
Host Name                     xxxxxxxxxxxxxxxxxxxxxxxxxx
Platform                      Linux xxxxxxxxxxxxxxxxxx
                              2.6.21-1.3194.fc7 #1 SMP Wed May 23 22:47:07 EDT
                              2007 x86_64 x86_64
Alert Count                   31
First Seen                    Thu 14 Jun 2007 08:22:44 PM BST
Last Seen                     Thu 14 Jun 2007 08:22:44 PM BST
Local ID                      03030d20-a8df-4546-ac0a-57e41d8a204e
Line Numbers                  

Raw Audit Messages            

avc: denied { append } for comm="smbd" dev=sda2 egid=0 euid=0
exe="/usr/sbin/smbd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="log.smbd"
path="/var/log/samba/log.smbd" pid=17215 scontext=user_u:system_r:smbd_t:s0
sgid=0 subj=user_u:system_r:smbd_t:s0 suid=0 tclass=file
tcontext=user_u:object_r:samba_log_t:s0 tty=(none) uid=0

Comment 1 Jonathan Underwood 2007-06-14 19:41:19 UTC
This occured the first time I started samba on a freshly installed and updated
machine.

Comment 2 Daniel Walsh 2007-06-14 20:22:58 UTC

*** This bug has been marked as a duplicate of 244273 ***


Note You need to log in before you can comment on or make changes to this bug.