Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: A little help with seLinux
Special Forums UNIX and Linux Applications A little help with seLinux Post 302790853 by Linusolaradm1 on Sunday 7th of April 2013 03:38:01 AM
Old 04-07-2013
A little help with seLinux
Situation: installed on Centos6.4 this samba4 package
samba4-4.0.1-4.centos6.1.x86_64(wich had the path /usr/share/samba4 /var/lock/samba4,etc)
I use selinux so i put in context
Code:
/var/lock/samba4    -d    system_u:object_r:samba_var_t:s0
/var/lock/samba4/.*    --    system_u:object_r:samba_var_t:s0
/var/log/samba4 -d system_u:object_r:samba_log_t:s0
/var/log/samba4/.* -- system_u:object_r:samba_log_t:s0
/var/lock/samba4/smb_krb5 -d system_u:object_r:samba_var_t:s0
/var/run/samba4/brlock\.tdb    --    system_u:object_r:smbd_var_run_t:s0
/var/run/samba4/locking\.tdb    --    system_u:object_r:smbd_var_run_t:s0

and then
Code:
setfiles targeted/contexts/files/file_contexts  /var/lock/samba4

but when i try to start service failed
Code:
[2013/04/06 23:52:27,  7, pid=12982, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:5134(lp_servicenumber)
  lp_servicenumber: couldn't find homes
[2013/04/06 23:52:27,  4, pid=12982, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:176(get_current_groups)
  get_current_groups: user is in 3 groups: 0, 10512, 10572
[2013/04/06 23:52:27,  2, pid=12982, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log)
  tdb(/var/lock/samba4/messages.tdb): tdb_open_ex: could not open file /var/lock/samba4/messages.tdb: Permission denied
[2013/04/06 23:52:27,  2, pid=12982, effective(0, 0), real(0, 0)] ../source3/lib/messages_local.c:132(messaging_tdb_init)
  ERROR: Failed to initialise messages database: Permission denied
[2013/04/06 23:52:27,  2, pid=12982, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:203(messaging_init)
  messaging_tdb_init failed: NT_STATUS_ACCESS_DENIED

selinux log said
Code:
type=SYSCALL msg=audit(1365320244.679:1168): arch=c000003e syscall=83 success=no exit=-13 a0=1110990 a1=1ed a2=ffffffff a3=7fff7307ff80 items=0 ppid=3600 pid=3601 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=107 comm="smbd" exe="/usr/sbin/smbd" subj=unconfined_u:system_r:smbd_t:s0 key=(null)
type=AVC msg=audit(1365320244.680:1169): avc:  denied  { search } for  pid=3601 comm="smbd" name="lock" dev=dm-0 ino=261901 scontext=unconfined_u:system_r:smbd_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
type=SYSCALL msg=audit(1365320244.680:1169): arch=c000003e syscall=2 success=no exit=-13 a0=110fd40 a1=42 a2=180 a3=7fff7307fe00 items=0 ppid=3600 pid=3601 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=107 comm="smbd" exe="/usr/sbin/smbd" subj=unconfined_u:system_r:smbd_t:s0 key=(null)

Someone can help?
Thanks
 

8 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

SElinux

I am on a fedora core 2.6.9-1.677 i686 which is selinux enabled unlike the version I was on before .. which had to be manually enabled ..and if you knew nothing of the sort you were lost.. that was the case for me anyway! like i was saying ... now I am on a system that is enabled I have just... (1 Reply)
Discussion started by: moxxx68
1 Replies

2. Linux

fedora core 2 selinux problem

in fedora core 2 with enforcing mode in selinux , why even as a root OS doesnt give permission to create any directory or file in /home ? (1 Reply)
Discussion started by: the.last.soul
1 Replies

3. Red Hat

Cannot open SELinux encrypted disks

When I installed Fedora 10 I set the option to encrypt my file systems but now I can't open either of my two HDD's. I asks me for my password and gives me three options concerning the "remembering" of my password but when I put the password in nothing happens at all. Any ideas? Thanks. (3 Replies)
Discussion started by: jasonfrost
3 Replies

4. Virtualization and Cloud Computing

anyone running SELinux on amazon EC2?

Hi, Has anyone enabled SELinux on Amazon EC2? I tried to enable SELinux using a CentOS image, and the steps in the following post, but it didn't work!! Amazon Web Services Developer Community : Has anyone successfully enabled SELinux ... The steps i took: 1)I started with CentOS 5.3 base... (5 Replies)
Discussion started by: fun_indra
5 Replies

5. Red Hat

selinux --disabled

Hi All, Will some one kindly explian below ? selinux What is the effect of installing a server using this kickstart option as follows: selinux --enforcing and selinux --disabled (1 Reply)
Discussion started by: sri243
1 Replies

6. Cybersecurity

[SELinux] Problem with Bind 9

Hi, I can not start named service: /etc/init.d/named start Iniciando named: Error in named configuration: zone default.domain/IN: loading from master file /home/admin/conf/dns/default.domain.db failed: permission denied zone default.domain/IN: not loaded due to errors.... (2 Replies)
Discussion started by: Anibal
2 Replies

7. Red Hat

SeLinux permission question

Hi, in /etc/httpd/conf/httpd.conf #DocumentRoot "/var/www/html" DocumentRoot "/home/phpmy/html" when I restarted httpd # /etc/init.d/httpd restart Stopping httpd: Starting httpd: Syntax error on line 293 of /etc/httpd/conf/httpd.conf:... (0 Replies)
Discussion started by: jediwannabe
0 Replies

8. UNIX for Dummies Questions & Answers

Unable to enable SeLinux on RHEL 7

I worked all night on creating an RHEL 7 template customized for our private cloud and almost had it ready. While doing the final part, enabling GDM, I made the blunder of disabling SELINUX. Now I am not able to re-enable or put into permissive mode again. Earlier, when this happened on RHEL 6... (3 Replies)
Discussion started by: satish51392111
3 Replies

LEARN ABOUT DEBIAN

virtual_image_context

virtual_image_context(5)				       SELinux configuration					  virtual_image_context(5)

NAME

       virtual_image_context - The SELinux virtual machine image context configuration file.

DESCRIPTION

       The virtual_image_context file contains a list of image contexts for use by the SELinux-aware virtulization API libvirt (see libvirtd(8)).

       selinux_virtual_image_context_path(3) will return the active policy path to this file. The default virtual image context file is:
	      /etc/selinux/{SELINUXTYPE}/contexts/virtual_image_context

       Where {SELINUXTYPE} is the entry from the selinux configuration file config (see selinux_config(5)).

FILE FORMAT

       Each line in the file consists of an entry as follows:
	      user:role:type[:range]

       Where:
	      user role type range
		     A user, role, type and optional range (for MCS/MLS) separated by colons (:) that can be used as a virtual image context.

EXAMPLE

       # ./contexts/virtual_image_context
       system_u:object_r:svirt_image_t:s0
       system_u:object_r:svirt_content_t:s0

SEE ALSO

       selinux(8), libvirtd(8), selinux_virtual_image_context_path(3), selinux_config(5)

Security Enhanced Linux 					    28-Nov-2011 					  virtual_image_context(5)
All times are GMT -4. The time now is 04:47 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy