Bug 247195 - samba logfile warning
Summary: samba logfile warning
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 7
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-07-05 21:20 UTC by Dave Jones
Modified: 2015-01-04 22:29 UTC (History)
1 user (show)

Fixed In Version: Current
Clone Of:
Environment:
Last Closed: 2007-08-22 14:09:23 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Dave Jones 2007-07-05 21:20:47 UTC
SELinux is preventing samba (/usr/sbin/smbd) "append" to 192.168.42.19.log
(samba_log_t).

SELinux denied samba access to 192.168.42.19.log. If you want to share this
directory with samba it has to have a file context label of samba_share_t. If
you did not intend to use 192.168.42.19.log as a samba repository it could
indicate either a bug or it could signal a intrusion attempt.

This is odd.
I'm not trying to share /var/log/samba/192.168.42.19.log , so afaics, it's
correctly labelled already..

(17:16:22:root@gelk:samba)# ll -Z 192.168.42.19.log 
-rw-r--r--  root root system_u:object_r:samba_log_t    192.168.42.19.log

Hmm, there is some discrepancy though between this and other files in that dir..

-rw-r--r--  root root system_u:object_r:samba_log_t    192.168.42.19.log
-rw-r--r--  root root user_u:object_r:samba_log_t      192.168.42.20.log

Not sure why samba keeps trying to bother with this file at all, that host
hasn't been switched on for about a month.

Comment 1 Daniel Walsh 2007-07-06 14:47:20 UTC
What policy are you seeing this with?

It should be fixed by the latest policy?  selinux-policy-2.6.4-26

Comment 2 Dave Jones 2007-07-15 21:33:16 UTC
haven't seen it happen since updating to that version, but will keep an eye open
for it.

Comment 3 Daniel Walsh 2007-08-22 14:09:23 UTC
Closing as fixes are in the current release


Note You need to log in before you can comment on or make changes to this bug.