Summary: SELinux is preventing Samba (/usr/sbin/smbd) "write" access to backup-desktop. Detailed Description: SELinux denied samba access to backup-desktop. If you want to share this directory with samba it has to have a file context label of samba_share_t. If you did not intend to use backup-desktop as a samba repository it could indicate either a bug or it could signal a intrusion attempt. Please refer to 'man samba_selinux' for more information on setting up Samba and SELinux. Allowing Access: You can alter the file context by executing chcon -R -t samba_share_t 'backup-desktop' You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t samba_share_t 'backup-desktop'" Fix Command: chcon -R -t samba_share_t 'backup-desktop' Additional Information: Source Context system_u:system_r:smbd_t:s0-s0:c0.c1023 Target Context unconfined_u:object_r:usr_t:s0 Target Objects backup-desktop [ dir ] Source smbd Source Path /usr/sbin/smbd Port <Unknown> Host (removed) Source RPM Packages samba-3.5.3-61.fc13 Target RPM Packages Policy RPM selinux-policy-3.7.19-28.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name samba_share Host Name (removed) Platform Linux (removed) 2.6.33.5-124.fc13.x86_64 #1 SMP Fri Jun 11 09:38:12 UTC 2010 x86_64 x86_64 Alert Count 20 First Seen Tue 29 Jun 2010 13:45:24 CEST Last Seen Tue 29 Jun 2010 13:45:36 CEST Local ID e861c7f4-0a56-4d86-b402-15d6d7340694 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1277811936.486:31068): avc: denied { write } for pid=3097 comm="smbd" name="backup-desktop" dev=sda5 ino=394103 scontext=system_u:system_r:smbd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:usr_t:s0 tclass=dir node=(removed) type=SYSCALL msg=audit(1277811936.486:31068): arch=c000003e syscall=83 success=no exit=-13 a0=7fb56e513e20 a1=1ed a2=1ed a3=19 items=0 ppid=3073 pid=3097 auid=4294967295 uid=0 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="smbd" exe="/usr/sbin/smbd" subj=system_u:system_r:smbd_t:s0-s0:c0.c1023 key=(null) Hash String generated from samba_share,smbd,smbd_t,usr_t,dir,write audit2allow suggests: #============= smbd_t ============== #!!!! This avc can be allowed using the boolean 'samba_export_all_rw' allow smbd_t usr_t:dir write;
Any idea what backup-desktop is?
Sorry Dan, never heard of it.
Seanrjs, Sounds like a directory you are sharing via samba is not labeled correctly. You either need to label it as samba_share_t as described in the alert or turn on the samba_export_all_rw boolean if you are sharing the entire disk.