Bug 245693 - SELinux is preventing /usr/sbin/nmbd (nmbd_t) "rename" access to nmbd.log (samba_log_t).
SELinux is preventing /usr/sbin/nmbd (nmbd_t) "rename" access to nmbd.log (sa...
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2007-06-25 23:34 EDT by Jack Tanner
Modified: 2008-01-30 14:18 EST (History)
0 users

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-01-30 14:18:44 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jack Tanner 2007-06-25 23:34:45 EDT
SELinux is preventing /usr/sbin/nmbd (nmbd_t) "rename" access to nmbd.log

Detailed Description
SELinux denied access requested by /usr/sbin/nmbd. It is not expected that this
access is required by /usr/sbin/nmbd and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access. Please file a bug report
against this package.

Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for nmbd.log, restorecon -v nmbd.log. There is
currently no automatic way to allow this access. Instead, you can generate a
local policy module to allow this access - see FAQ - or you can disable SELinux
protection entirely for the application. Disabling SELinux protection is not
recommended. Please file a bug report against this package. Changing the
"nmbd_disable_trans" boolean to true will disable SELinux protection this
application: "setsebool -P nmbd_disable_trans=1."

The following command will allow this access:
setsebool -P nmbd_disable_trans=1

Additional Information
Source Context:  user_u:system_r:nmbd_t
Target Context:  system_u:object_r:samba_log_t
Target Objects:  nmbd.log [ file ]
Affected RPM Packages:  samba-3.0.24-7.fc6 [application]
Policy RPM:  selinux-policy-2.4.6-74.fc6
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Permissive
Plugin Name:  plugins.disable_trans
Platform:  Linux 2.6.20-1.2952.fc6 #1 SMP Wed May 16 18:59:18 EDT 2007 i686 i686
Alert Count:  1
Line Numbers:   
Raw Audit Messages :avc: denied { rename } for comm="nmbd" dev=dm-0 egid=0
euid=0 exe="/usr/sbin/nmbd" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="nmbd.log"
pid=363 scontext=user_u:system_r:nmbd_t:s0 sgid=0 subj=user_u:system_r:nmbd_t:s0
suid=0 tclass=file tcontext=system_u:object_r:samba_log_t:s0 tty=(none) uid=0
Comment 1 Daniel Walsh 2007-09-13 13:15:53 EDT
Fixed in selinux-policy-2.4.6-92.fc6
Comment 2 Daniel Walsh 2008-01-30 14:18:44 EST
Bulk closing all bugs in Fedora updates in the modified state.  If you bug is
not fixed, please reopen.

Note You need to log in before you can comment on or make changes to this bug.