Description of problem: When /etc/samba/smb.conf is labeled with a type that the smbd_t domain does not have access to, sealert suggests labeling /etc/samba/smb.conf with the public_content_t type. Version-Release number of selected component (if applicable): selinux-policy-3.5.13-40.fc10.noarch selinux-policy-targeted-3.5.13-40.fc10.noarch How reproducible: Always. Steps to Reproduce: 1. Label /etc/samba/smb.conf with a type that the smbd_t domain does not have access to: chcon -t httpd_sys_content_t /etc/samba/smb.conf 2. service smb start 3. check /var/log/messages or setroubleshoot browser. Actual results: Fix Command: chcon -t public_content_t './smb.conf' Expected results: Fix Command: chcon -t samba_etc_t /etc/samba/smb.conf If there is a chance this type will change in future, perhaps the following is a better fix command: restorecon -R -v /etc/samba/
Created attachment 330571 [details] full denial viewed with sealert
Fixed in setroubleshoot-plugins- 2.0.16-1