Bug 244273 - SELinux is preventing samba (/usr/sbin/smbd) "append" to log.smbd (samba_log_t).
Summary: SELinux is preventing samba (/usr/sbin/smbd) "append" to log.smbd (samba_log_t).
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 7
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
: 244272 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-06-14 19:39 UTC by Jonathan Underwood
Modified: 2007-11-30 22:12 UTC (History)
2 users (show)

Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-08-22 14:10:39 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Jonathan Underwood 2007-06-14 19:39:31 UTC
Description of problem:
Summary
    SELinux is preventing samba (/usr/sbin/smbd) "append" to log.smbd
    (samba_log_t).

Detailed Description
    SELinux denied samba access to log.smbd. If you want to share this directory
    with samba it has to have a file context label of samba_share_t. If you did
    not intend to use log.smbd as a samba repository it could indicate either a
    bug or it could signal a intrusion attempt.

Allowing Access
    You can alter the file context by executing chcon -R -t samba_share_t
    log.smbd

    The following command will allow this access:
    chcon -R -t samba_share_t log.smbd

Additional Information        

Source Context                user_u:system_r:smbd_t
Target Context                user_u:object_r:samba_log_t
Target Objects                log.smbd [ file ]
Affected RPM Packages         samba-3.0.25a-3.fc7 [application]
Policy RPM                    selinux-policy-2.6.4-12.fc7
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.samba_share
Host Name                     xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Platform                      Linux xxxxxxxxxxxxxxxxxxxxxxxxx
                              2.6.21-1.3194.fc7 #1 SMP Wed May 23 22:47:07 EDT
                              2007 x86_64 x86_64
Alert Count                   3
First Seen                    Thu 14 Jun 2007 08:22:44 PM BST
Last Seen                     Thu 14 Jun 2007 08:22:44 PM BST
Local ID                      a7df9648-dc34-4b8b-82d9-32cf69802871
Line Numbers                  

Raw Audit Messages            

avc: denied { append } for comm="smbd" dev=sda2 egid=0 euid=0
exe="/usr/sbin/smbd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="log.smbd"
pid=17214 scontext=user_u:system_r:smbd_t:s0 sgid=0
subj=user_u:system_r:smbd_t:s0 suid=0 tclass=file
tcontext=user_u:object_r:samba_log_t:s0 tty=(none) uid=0

Comment 1 Jonathan Underwood 2007-06-14 19:40:01 UTC
This was on a freshly installed and updated box, and occured the very first time
I started samba

Comment 2 Daniel Walsh 2007-06-14 20:23:50 UTC
*** Bug 244272 has been marked as a duplicate of this bug. ***

Comment 3 Daniel Walsh 2007-06-14 20:27:21 UTC
Should have a fix available in selinux-policy-2.6.4-13.fc7

Comment 4 Daniel Walsh 2007-08-22 14:10:39 UTC
Closing as fixes are in the current release


Note You need to log in before you can comment on or make changes to this bug.