Full Discussion: A little help with seLinux
Post 302790853 by Linusolaradm1 on Sunday 7th of April 2013 03:38:01 AM

Situation: I installed this samba4 package on CentOS 6.4:
samba4-4.0.1-4.centos6.1.x86_64 (which had the paths /usr/share/samba4, /var/lock/samba4, etc.)
I use SELinux, so I put this in the context:
Code:
/var/lock/samba4    -d    system_u:object_r:samba_var_t:s0
/var/lock/samba4/.*    --    system_u:object_r:samba_var_t:s0
/var/log/samba4 -d system_u:object_r:samba_log_t:s0
/var/log/samba4/.* -- system_u:object_r:samba_log_t:s0
/var/lock/samba4/smb_krb5 -d system_u:object_r:samba_var_t:s0
/var/run/samba4/brlock\.tdb    --    system_u:object_r:smbd_var_run_t:s0
/var/run/samba4/locking\.tdb    --    system_u:object_r:smbd_var_run_t:s0

and then
Code:
setfiles targeted/contexts/files/file_contexts  /var/lock/samba4

but when I try to start the service, it fails:
Code:
[2013/04/06 23:52:27,  7, pid=12982, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:5134(lp_servicenumber)
  lp_servicenumber: couldn't find homes
[2013/04/06 23:52:27,  4, pid=12982, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:176(get_current_groups)
  get_current_groups: user is in 3 groups: 0, 10512, 10572
[2013/04/06 23:52:27,  2, pid=12982, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log)
  tdb(/var/lock/samba4/messages.tdb): tdb_open_ex: could not open file /var/lock/samba4/messages.tdb: Permission denied
[2013/04/06 23:52:27,  2, pid=12982, effective(0, 0), real(0, 0)] ../source3/lib/messages_local.c:132(messaging_tdb_init)
  ERROR: Failed to initialise messages database: Permission denied
[2013/04/06 23:52:27,  2, pid=12982, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:203(messaging_init)
  messaging_tdb_init failed: NT_STATUS_ACCESS_DENIED

The SELinux log said:
Code:
type=SYSCALL msg=audit(1365320244.679:1168): arch=c000003e syscall=83 success=no exit=-13 a0=1110990 a1=1ed a2=ffffffff a3=7fff7307ff80 items=0 ppid=3600 pid=3601 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=107 comm="smbd" exe="/usr/sbin/smbd" subj=unconfined_u:system_r:smbd_t:s0 key=(null)
type=AVC msg=audit(1365320244.680:1169): avc:  denied  { search } for  pid=3601 comm="smbd" name="lock" dev=dm-0 ino=261901 scontext=unconfined_u:system_r:smbd_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
type=SYSCALL msg=audit(1365320244.680:1169): arch=c000003e syscall=2 success=no exit=-13 a0=110fd40 a1=42 a2=180 a3=7fff7307fe00 items=0 ppid=3600 pid=3601 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=107 comm="smbd" exe="/usr/sbin/smbd" subj=unconfined_u:system_r:smbd_t:s0 key=(null)

Can someone help?
Thanks
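
Reading the audit records quoted in the post, as an added example (not part of the original post): the sketch below groups records by the serial in `msg=audit(time:serial)` and reports which source type was denied which permission on which target type. The function names are this example's own, and the syscall table covers only the two x86_64 numbers that appear in this log.

```python
import re
from collections import defaultdict

# Records copied from the audit log in the post; SYSCALL lines trimmed to the fields used here.
AUDIT_LOG = """\
type=SYSCALL msg=audit(1365320244.679:1168): arch=c000003e syscall=83 success=no exit=-13 comm="smbd" exe="/usr/sbin/smbd" subj=unconfined_u:system_r:smbd_t:s0
type=AVC msg=audit(1365320244.680:1169): avc:  denied  { search } for  pid=3601 comm="smbd" name="lock" dev=dm-0 ino=261901 scontext=unconfined_u:system_r:smbd_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
type=SYSCALL msg=audit(1365320244.680:1169): arch=c000003e syscall=2 success=no exit=-13 comm="smbd" exe="/usr/sbin/smbd" subj=unconfined_u:system_r:smbd_t:s0
"""
X86_64_SYSCALLS = {2: "open", 83: "mkdir"}  # only the numbers seen in this log
HEADER = re.compile(r"type=(\w+) msg=audit\([\d.]+:(\d+)\):")
PERMS = re.compile(r"denied\s+\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(log):
    """Group audit records by serial; records sharing a serial describe one event."""
    events = defaultdict(dict)
    for line in log.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        rtype, serial = m.group(1), int(m.group(2))
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
        if rtype == "AVC":
            fields["perms"] = PERMS.search(line).group(1).split()
        events[serial][rtype] = fields
    return dict(events)

def summarize(events):
    """Return one summary per event that carries an AVC denial."""
    out = []
    for serial, recs in sorted(events.items()):
        avc, sc = recs.get("AVC"), recs.get("SYSCALL", {})
        if not avc:
            continue  # e.g. serial 1168: the SYSCALL is quoted without its AVC record
        out.append({
            "serial": serial,
            "syscall": X86_64_SYSCALLS.get(int(sc.get("syscall", -1)), "unknown"),
            "source_type": avc["scontext"].split(":")[2],
            "target_type": avc["tcontext"].split(":")[2],
            "tclass": avc["tclass"], "perms": avc["perms"], "object_name": avc["name"],
        })
    return out

if __name__ == "__main__":
    for summary in summarize(parse_events(AUDIT_LOG)):
        print(summary)
```

For the quoted log this reports a single denial: `smbd_t` was refused `search` on a directory named `lock` typed `var_lock_t` during an `open` call. That matches the `/var/lock` component of the path in the Samba error, not the `samba4` directory that was given `samba_var_t`.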
 

getfilecon(3)                SELinux API documentation                getfilecon(3)

NAME
       getfilecon, fgetfilecon, lgetfilecon - get SELinux security context of a file

SYNOPSIS
       #include <selinux/selinux.h>

       int getfilecon(const char *path, security_context_t *con);
       int lgetfilecon(const char *path, security_context_t *con);
       int fgetfilecon(int fd, security_context_t *con);

DESCRIPTION
       getfilecon retrieves the context associated with the given path in the
       file system, the length of the context is returned.

       lgetfilecon is identical to getfilecon, except in the case of a symbolic
       link, where the link itself is interrogated, not the file that it refers
       to.

       fgetfilecon is identical to getfilecon, only the open file pointed to by
       filedes (as returned by open(2)) is interrogated in place of path.

       The returned context should be freed with freecon if non-NULL.

RETURN VALUE
       On success, a positive number is returned indicating the size of the
       extended attribute value. On failure, -1 is returned and errno is set
       appropriately.

       If the context does not exist, or the process has no access to this
       attribute, errno is set to ENODATA.

       If extended attributes are not supported by the filesystem, or are
       disabled, errno is set to ENOTSUP.

       The errors documented for the stat(2) system call are also applicable
       here.

SEE ALSO
       selinux(8), freecon(3), setfilecon(3), setfscreatecon(3)

russell@coker.com.au              1 January 2004                      getfilecon(3)