From: Arthur Dent Sent: 11 December 2011 13:49
Hello all,
When I get a SEL alert it refers only to to the actual directory and not the full pathname. For example:
SELinux is preventing /usr/sbin/smbd from create access on the directory 05.
The advice for fixing this alert is probably useful but without knowing the full path is actually completely useless:
If you want to allow smbd to have create access on the 05 directory Then you need to change the label on '05' Do # semanage fcontext -a -t samba_share_t '05' # restorecon -v '05'
The problem is - I don't know where directory "05" is. It's probably some temporary cache file or some such and trying to even find its parent directory with a name like "05" makes using 'locate' or 'find' really quite hard work.
In this case the alert(s) (there were several - each with a different numerical directory name) were actually caused when I tried to sync my iPhone using iTunes installed on a Windows XP virtual machine running under VirtualBox on this Fedora 16 host, accessing the music library via a Samba share on a separate partition on the Fedora 16 box.... Yeah... I know....
But anyway - if I could find the full path of the directory in question I *might* be able to take a closer look at where the problem lies...
Thanks in advance for any help or suggestions.
Mark
If you get the device and inode from the the AVC message you can use find's -inum option to look for the inode number on the device's filesystem rather than -name.
Ha! That looks useful. I can't try it at the moment because, although I can ssh into that machine from work - I can't reproduce the event from the command line. I will try as soon as I can...
Thanks again...
Mark
selinux@lists.fedoraproject.org