Bug 244273 - SELinux is preventing samba (/usr/sbin/smbd) "append" to log.smbd (samba_log_t).
SELinux is preventing samba (/usr/sbin/smbd) "append" to log.smbd (samba_log_t).
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
: 244272 (view as bug list)
Depends On:
  Show dependency treegraph
Reported: 2007-06-14 15:39 EDT by Jonathan Underwood
Modified: 2007-11-30 17:12 EST (History)
2 users (show)

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-08-22 10:10:39 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jonathan Underwood 2007-06-14 15:39:31 EDT
Description of problem:
    SELinux is preventing samba (/usr/sbin/smbd) "append" to log.smbd

Detailed Description
    SELinux denied samba access to log.smbd. If you want to share this directory
    with samba it has to have a file context label of samba_share_t. If you did
    not intend to use log.smbd as a samba repository it could indicate either a
    bug or it could signal a intrusion attempt.

Allowing Access
    You can alter the file context by executing chcon -R -t samba_share_t

    The following command will allow this access:
    chcon -R -t samba_share_t log.smbd

Additional Information        

Source Context                user_u:system_r:smbd_t
Target Context                user_u:object_r:samba_log_t
Target Objects                log.smbd [ file ]
Affected RPM Packages         samba-3.0.25a-3.fc7 [application]
Policy RPM                    selinux-policy-2.6.4-12.fc7
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.samba_share
Host Name                     xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Platform                      Linux xxxxxxxxxxxxxxxxxxxxxxxxx
                              2.6.21-1.3194.fc7 #1 SMP Wed May 23 22:47:07 EDT
                              2007 x86_64 x86_64
Alert Count                   3
First Seen                    Thu 14 Jun 2007 08:22:44 PM BST
Last Seen                     Thu 14 Jun 2007 08:22:44 PM BST
Local ID                      a7df9648-dc34-4b8b-82d9-32cf69802871
Line Numbers                  

Raw Audit Messages            

avc: denied { append } for comm="smbd" dev=sda2 egid=0 euid=0
exe="/usr/sbin/smbd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="log.smbd"
pid=17214 scontext=user_u:system_r:smbd_t:s0 sgid=0
subj=user_u:system_r:smbd_t:s0 suid=0 tclass=file
tcontext=user_u:object_r:samba_log_t:s0 tty=(none) uid=0
Comment 1 Jonathan Underwood 2007-06-14 15:40:01 EDT
This was on a freshly installed and updated box, and occured the very first time
I started samba
Comment 2 Daniel Walsh 2007-06-14 16:23:50 EDT
*** Bug 244272 has been marked as a duplicate of this bug. ***
Comment 3 Daniel Walsh 2007-06-14 16:27:21 EDT
Should have a fix available in selinux-policy-2.6.4-13.fc7
Comment 4 Daniel Walsh 2007-08-22 10:10:39 EDT
Closing as fixes are in the current release

Note You need to log in before you can comment on or make changes to this bug.