hi guys
any boolean that would cover this:
#============= smbd_t ==============
#!!!! The file '/__.aNetStorage' is mislabeled on your system. #!!!! Fix with $ restorecon -R -v /__.aNetStorage #!!!! This avc can be allowed using one of the these booleans: #???????? samba_export_all_ro, samba_export_all_rw allow smbd_t automount_tmp_t:dir getattr; allow smbd_t self:capability2 block_suspend;
above(silent denials) happens when samba's share path is an autofs nfs ver=4 mount. If no boolean then it would be great to have one(or few) if safe.
many thanks, L.
Hi,
Could you attach raw SELinux denials? By reproducing the issue and then run: # ausearch -m AVC -ts today
First rule: allow smbd_t automount_tmp_t:dir getattr;
is dontaudited and second: allow smbd_t self:capability2 block_suspend;
is kernel issue.
Do you have any issue with samba or you just see this in audit log?
Lukas
On 03/28/2018 01:44 PM, lejeczek wrote:
hi guys
any boolean that would cover this:
#============= smbd_t ==============
#!!!! The file '/__.aNetStorage' is mislabeled on your system. #!!!! Fix with $ restorecon -R -v /__.aNetStorage #!!!! This avc can be allowed using one of the these booleans: #???????? samba_export_all_ro, samba_export_all_rw allow smbd_t automount_tmp_t:dir getattr; allow smbd_t self:capability2 block_suspend;
above(silent denials) happens when samba's share path is an autofs nfs ver=4 mount. If no boolean then it would be great to have one(or few) if safe.
many thanks, L. _______________________________________________ selinux mailing list -- selinux@lists.fedoraproject.org To unsubscribe send an email to selinux-leave@lists.fedoraproject.org
selinux@lists.fedoraproject.org