Full Discussion: A little help with seLinux
Special Forums UNIX and Linux Applications A little help with seLinux Post 302790853 by Linusolaradm1 on Sunday 7th of April 2013 03:38:01 AM

Situation: I installed this samba4 package on CentOS 6.4:
samba4-4.0.1-4.centos6.1.x86_64 (which had the paths /usr/share/samba4, /var/lock/samba4, etc.)
I use SELinux, so I put these in the context:
Code:
/var/lock/samba4                 -d    system_u:object_r:samba_var_t:s0
/var/lock/samba4/.*              --    system_u:object_r:samba_var_t:s0
/var/log/samba4                  -d    system_u:object_r:samba_log_t:s0
/var/log/samba4/.*               --    system_u:object_r:samba_log_t:s0
/var/lock/samba4/smb_krb5        -d    system_u:object_r:samba_var_t:s0
/var/run/samba4/brlock\.tdb      --    system_u:object_r:smbd_var_run_t:s0
/var/run/samba4/locking\.tdb     --    system_u:object_r:smbd_var_run_t:s0

and then
Code:
setfiles targeted/contexts/files/file_contexts  /var/lock/samba4

but when I try to start the service, it fails:
Code:
[2013/04/06 23:52:27,  7, pid=12982, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:5134(lp_servicenumber)
  lp_servicenumber: couldn't find homes
[2013/04/06 23:52:27,  4, pid=12982, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:176(get_current_groups)
  get_current_groups: user is in 3 groups: 0, 10512, 10572
[2013/04/06 23:52:27,  2, pid=12982, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log)
  tdb(/var/lock/samba4/messages.tdb): tdb_open_ex: could not open file /var/lock/samba4/messages.tdb: Permission denied
[2013/04/06 23:52:27,  2, pid=12982, effective(0, 0), real(0, 0)] ../source3/lib/messages_local.c:132(messaging_tdb_init)
  ERROR: Failed to initialise messages database: Permission denied
[2013/04/06 23:52:27,  2, pid=12982, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:203(messaging_init)
  messaging_tdb_init failed: NT_STATUS_ACCESS_DENIED

The SELinux log said:
Code:
type=SYSCALL msg=audit(1365320244.679:1168): arch=c000003e syscall=83 success=no exit=-13 a0=1110990 a1=1ed a2=ffffffff a3=7fff7307ff80 items=0 ppid=3600 pid=3601 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=107 comm="smbd" exe="/usr/sbin/smbd" subj=unconfined_u:system_r:smbd_t:s0 key=(null)
type=AVC msg=audit(1365320244.680:1169): avc:  denied  { search } for  pid=3601 comm="smbd" name="lock" dev=dm-0 ino=261901 scontext=unconfined_u:system_r:smbd_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
type=SYSCALL msg=audit(1365320244.680:1169): arch=c000003e syscall=2 success=no exit=-13 a0=110fd40 a1=42 a2=180 a3=7fff7307fe00 items=0 ppid=3600 pid=3601 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=107 comm="smbd" exe="/usr/sbin/smbd" subj=unconfined_u:system_r:smbd_t:s0 key=(null)

Can someone help?
Thanks
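
The AVC record quoted in the post above, decoded field by field and compared with the types the posted file_contexts entries assign. This is an added example, not part of the original post; the function names `parse_avc`, `target_is_labelled` and `describe` are hypothetical, and the record and type list are copied from the post.

```python
import re

# AVC record copied from the post above.
AVC_LINE = (
    'type=AVC msg=audit(1365320244.680:1169): avc:  denied  { search } for  '
    'pid=3601 comm="smbd" name="lock" dev=dm-0 ino=261901 '
    'scontext=unconfined_u:system_r:smbd_t:s0 '
    'tcontext=system_u:object_r:var_lock_t:s0 tclass=dir'
)
# Types assigned by the file_contexts entries listed in the post.
LABELLED_TYPES = {"samba_var_t", "samba_log_t", "smbd_var_run_t"}

AVC_RE = re.compile(
    r'type=AVC msg=audit\(\d+\.\d+:(?P<serial>\d+)\): '
    r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)'
)

def parse_avc(line):
    """Return the fields of one AVC record as a dict, or None for other record types."""
    m = AVC_RE.match(line.strip())
    if m is None:
        return None
    rec = {"serial": int(m["serial"]), "result": m["result"],
           "perms": m["perms"].split()}
    # Remaining fields are key=value pairs; values may be double-quoted.
    for key, value in re.findall(r'(\w+)=("[^"]*"|\S+)', m["rest"]):
        rec[key] = value.strip('"')
    for side in ("scontext", "tcontext"):
        # A context is user:role:type:level; the level may itself contain ':'.
        parts = rec.get(side, "").split(":", 3)
        rec[side + "_type"] = parts[2] if len(parts) >= 3 else None
    return rec

def target_is_labelled(rec, labelled_types):
    """True if the denied object carries one of the types the admin assigned."""
    return rec["tcontext_type"] in labelled_types

def describe(rec):
    """One-line summary: result, permissions, source type, target type and object."""
    return "%s %s: %s -> %s %s name=%s" % (
        rec["result"], ",".join(rec["perms"]), rec["scontext_type"],
        rec["tcontext_type"], rec["tclass"], rec.get("name"))

if __name__ == "__main__":
    record = parse_avc(AVC_LINE)
    print(describe(record))
    print("target carries a type from the posted entries:",
          target_is_labelled(record, LABELLED_TYPES))
```

The denied object is the directory named "lock", still typed var_lock_t, so the record concerns a directory that none of the posted entries relabel.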
 

rsync_selinux(8)					rsync Selinux Policy documentation					  rsync_selinux(8)

NAME
    rsync_selinux - Security Enhanced Linux Policy for the rsync daemon

DESCRIPTION
    Security-Enhanced Linux secures the rsync server via flexible mandatory access control.

FILE_CONTEXTS
    SELinux requires files to have an extended attribute to define the file type. Policy governs the access daemons have to these files. If you want to share files using the rsync daemon, you must label the files and directories public_content_t. So if you created a special directory /var/rsync, you would need to label the directory with the chcon tool.

        chcon -t public_content_t /var/rsync

    To make this change permanent (survive a relabel), use the semanage command to add the change to file context configuration:

        semanage fcontext -a -t public_content_t "/var/rsync(/.*)?"

    This command adds the following entry to /etc/selinux/POLICYTYPE/contexts/files/file_contexts.local:

        /var/rsync(/.*)? system_u:object_r:public_content_t:s0

    Run the restorecon command to apply the changes:

        restorecon -R -v /var/rsync/

SHARING FILES
    If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These contexts allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean, allow_DOMAIN_anon_write. So for rsync you would execute:

        setsebool -P allow_rsync_anon_write=1

BOOLEANS
    system-config-selinux is a GUI tool available to customize SELinux policy settings.

AUTHOR
    This manual page was written by Dan Walsh <dwalsh@redhat.com>.

SEE ALSO
    selinux(8), rsync(1), chcon(1), setsebool(8), semanage(8)

dwalsh@redhat.com					17 Jan 2005					  rsync_selinux(8)