Bug 245693 - SELinux is preventing /usr/sbin/nmbd (nmbd_t) "rename" access to nmbd.log (samba_log_t).
Summary: SELinux is preventing /usr/sbin/nmbd (nmbd_t) "rename" access to nmbd.log (sa...
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 6
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-06-26 03:34 UTC by Jack Tanner
Modified: 2008-01-30 19:18 UTC (History)
0 users

(edit)
Clone Of:
(edit)
Last Closed: 2008-01-30 19:18:44 UTC


Attachments (Terms of Use)

Description Jack Tanner 2007-06-26 03:34:45 UTC
Summary
SELinux is preventing /usr/sbin/nmbd (nmbd_t) "rename" access to nmbd.log
(samba_log_t).

Detailed Description
SELinux denied access requested by /usr/sbin/nmbd. It is not expected that this
access is required by /usr/sbin/nmbd and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access. Please file a bug report
against this package.

Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for nmbd.log, restorecon -v nmbd.log. There is
currently no automatic way to allow this access. Instead, you can generate a
local policy module to allow this access - see FAQ - or you can disable SELinux
protection entirely for the application. Disabling SELinux protection is not
recommended. Please file a bug report against this package. Changing the
"nmbd_disable_trans" boolean to true will disable SELinux protection this
application: "setsebool -P nmbd_disable_trans=1."

The following command will allow this access:
setsebool -P nmbd_disable_trans=1

Additional Information
Source Context:  user_u:system_r:nmbd_t
Target Context:  system_u:object_r:samba_log_t
Target Objects:  nmbd.log [ file ]
Affected RPM Packages:  samba-3.0.24-7.fc6 [application]
Policy RPM:  selinux-policy-2.4.6-74.fc6
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Permissive
Plugin Name:  plugins.disable_trans
Platform:  Linux 2.6.20-1.2952.fc6 #1 SMP Wed May 16 18:59:18 EDT 2007 i686 i686
Alert Count:  1
Line Numbers:   
Raw Audit Messages :avc: denied { rename } for comm="nmbd" dev=dm-0 egid=0
euid=0 exe="/usr/sbin/nmbd" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="nmbd.log"
pid=363 scontext=user_u:system_r:nmbd_t:s0 sgid=0 subj=user_u:system_r:nmbd_t:s0
suid=0 tclass=file tcontext=system_u:object_r:samba_log_t:s0 tty=(none) uid=0

Comment 1 Daniel Walsh 2007-09-13 17:15:53 UTC
Fixed in selinux-policy-2.4.6-92.fc6

Comment 2 Daniel Walsh 2008-01-30 19:18:44 UTC
Bulk closing all bugs in Fedora updates in the modified state.  If you bug is
not fixed, please reopen.


Note You need to log in before you can comment on or make changes to this bug.