Description of problem:
Even with samba_enable_home_dirs enabled, Samba is unable to set attributes on files:

type=AVC msg=audit(1327966909.464:33529): avc: denied { setattr } for pid=13430 comm="smbd" name="bursar" dev=dm-3 ino=3932161 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir

I haven't been able to confirm as I don't have a test environment, but I suspect this may only occur when extended attributes are enabled in smb.conf:

ea support = yes

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.7.19-126.el6_2.4.noarch

setroubleshootd suggests enabling samba_export_all_rw, but this is too much. setattr should be included in samba_enable_home_dirs.
# sesearch -s smbd_t -t user_home_dir_t -c dir -p setattr --allow -C
Found 1 semantic av rules:
DT allow smbd_t user_home_dir_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open } ; [ samba_export_all_rw ]
#

The access is allowed if the samba_export_all_rw boolean is enabled. You can use it as a workaround if you understand that the boolean allows other accesses too.

# semanage boolean -l | grep samba_export_all_rw
samba_export_all_rw -> off Allow samba to share any file/directory read/write.
#
What is "bursar"? Is it your user? Or is it a subdirectory in /home/<username>/?
It is a directory.
In this case you will need to run the restorecon command too.

# restorecon -R -v /home/<username>
# setsebool -P samba_enable_home_dirs 1
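
An added example, not part of the bug thread or of the selinux-policy project: a Python sketch that turns the AVC denial from the report into the sesearch query used in the reply, then reads the conditional-rule output to show which boolean expression gates the access and what else that rule grants. It assumes the setools 3 `-C` prefix convention (first letter E/D for enabled/disabled, second T/F for the branch of the boolean expression); the function names are illustrative.

```python
import re

# Inputs copied from the thread: the reported denial and the sesearch reply.
AVC = ('type=AVC msg=audit(1327966909.464:33529): avc: denied { setattr } for '
       'pid=13430 comm="smbd" name="bursar" dev=dm-3 ino=3932161 '
       'scontext=system_u:system_r:smbd_t:s0 '
       'tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir')
SESEARCH_OUT = (
    'Found 1 semantic av rules:\n'
    'DT allow smbd_t user_home_dir_t : dir { ioctl read write create getattr '
    'setattr lock unlink link rename add_name remove_name reparent search '
    'rmdir open } ; [ samba_export_all_rw ]\n')

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
                    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+'
                    r'tclass=(?P<tclass>\S+)')
RULE_RE = re.compile(r'^(?P<state>[ED])(?P<branch>[TF])\s+allow\s+\S+\s+\S+\s*:\s*'
                     r'(?P<cls>\S+)\s+\{(?P<perms>[^}]*)\}\s*;\s*'
                     r'\[(?P<expr>[^\]]*)\]', re.M)

def parse_avc(line):
    """Extract the denied permissions, class and source/target types."""
    m = AVC_RE.search(line)
    if m is None:
        raise ValueError('not an AVC denial record')
    # A context is user:role:type[:level]; the type is always the third field.
    return {'perms': set(m['perms'].split()), 'tclass': m['tclass'],
            'source_type': m['scontext'].split(':')[2],
            'target_type': m['tcontext'].split(':')[2]}

def sesearch_argv(avc):
    """Build the query from the reply: allow rules, conditional ones included."""
    return ['sesearch', '-s', avc['source_type'], '-t', avc['target_type'],
            '-c', avc['tclass'], '-p', ','.join(sorted(avc['perms'])),
            '--allow', '-C']

def gating_rules(avc, output):
    """Conditional rules that would grant every denied permission."""
    found = []
    for m in RULE_RE.finditer(output):
        perms = set(m['perms'].split())
        if m['cls'] == avc['tclass'] and avc['perms'] <= perms:
            found.append({'expr': m['expr'].strip(),
                          'active': m['state'] == 'E',        # D = rule currently off
                          'expr_must_be': m['branch'] == 'T',  # T = true branch
                          'also_grants': sorted(perms - avc['perms'])})
    return found

if __name__ == '__main__':
    avc = parse_avc(AVC)
    print(' '.join(sesearch_argv(avc)))
    for rule in gating_rules(avc, SESEARCH_OUT):
        print(rule)
```

The `also_grants` list covers only the matched rule; a boolean such as samba_export_all_rw also controls rules for other target types, which this query does not show.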