Red Hat Bugzilla – Bug 483513
Wrong suggestion when smb.conf is labeled with certain types
Last modified: 2015-01-04 17:35:51 EST
Description of problem:
When /etc/samba/smb.conf is labeled with a type that the smbd_t domain does not have access to, sealert suggests labeling /etc/samba/smb.conf with the public_content_t type.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Label /etc/samba/smb.conf with a type that the smbd_t domain does not have access to:
chcon -t httpd_sys_content_t /etc/samba/smb.conf
2. service smb start
3. check /var/log/messages or setroubleshoot browser.
chcon -t public_content_t './smb.conf'
chcon -t samba_etc_t /etc/samba/smb.conf
If there is a chance this type will change in future, perhaps the following is a better fix command:
restorecon -R -v /etc/samba/
Created attachment 330571 [details]
full denial viewed with sealert
Fixed in setroubleshoot-plugins- 2.0.16-1