net-fs/samba-2.2.x policy files
Created attachment 23135: file contexts
Created attachment 23136: type enforcement
The following 3 lines are needed for samba 3.0.1 to work (tested with the 'smbpasswd' passdb backend):

    # for /usr/lib/samba/*.dat
    allow nmbd_t lib_t:file r_file_perms;
    allow smbd_t lib_t:file r_file_perms;
It was only necessary for me to add:

    allow nmbd_t lib_t:file { read getattr };
    allow smbd_t var_log_t:file { append getattr };

for it to work for me.
Jack: you should relabel files in /var/lib, /var/run, /var/log, /var/cache, /etc/samba and /usr/sbin after you've installed the policy files.

    for i in /var/lib /var/run /var/log /var/cache /etc/samba /usr/sbin; do
        /usr/sbin/setfiles /etc/security/selinux/src/policy/file_contexts/file_contexts "$i"
    done

And after you've done this, there shouldn't be any avc deny on starting samba.

bye, peter
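To check what is still denied after relabelling, the sketch below (an added example, not part of the original thread or of the Gentoo policy) reads kernel "avc: denied" lines on stdin and merges those for smbd_t and nmbd_t into candidate allow rules of the form quoted above. The function names and the sample denials are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise AVC denials for the samba domains as candidate
# allow rules, merging permissions per (source, target, class) triple.

# Constructed sample denials in the classic kernel "avc: denied" layout.
sample_avc() {
cat <<'EOF'
avc:  denied  { read } for  pid=812 exe=/usr/sbin/nmbd path=/usr/lib/samba/valid.dat dev=hda3 ino=4211 scontext=system_u:system_r:nmbd_t tcontext=system_u:object_r:lib_t tclass=file
avc:  denied  { getattr } for  pid=812 exe=/usr/sbin/nmbd path=/usr/lib/samba/valid.dat dev=hda3 ino=4211 scontext=system_u:system_r:nmbd_t tcontext=system_u:object_r:lib_t tclass=file
avc:  denied  { append getattr } for  pid=815 exe=/usr/sbin/smbd path=/var/log/samba/log.smbd dev=hda3 ino=9002 scontext=system_u:system_r:smbd_t tcontext=system_u:object_r:var_log_t tclass=file
avc:  denied  { read } for  pid=812 exe=/usr/sbin/nmbd path=/usr/lib/samba/valid.dat dev=hda3 ino=4211 scontext=system_u:system_r:nmbd_t tcontext=system_u:object_r:lib_t tclass=file
avc:  denied  { search } for  pid=900 exe=/usr/sbin/sshd name=home dev=hda3 ino=2 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:home_root_t tclass=dir
EOF
}

# Hypothetical helper: stdin = log lines, stdout = sorted candidate rules.
avc_to_allow() {
  awk '
    /avc:/ && /denied/ {
      perms = ""; src = ""; tgt = ""; cls = ""; inbrace = 0
      for (i = 1; i <= NF; i++) {
        if ($i == "{") { inbrace = 1; continue }
        if ($i == "}") { inbrace = 0; continue }
        if (inbrace) { perms = perms " " $i; continue }
        # Contexts are user:role:type[:level]; the type is the third field.
        if ($i ~ /^scontext=/) { split(substr($i, 10), c, ":"); src = c[3] }
        if ($i ~ /^tcontext=/) { split(substr($i, 10), c, ":"); tgt = c[3] }
        if ($i ~ /^tclass=/) cls = substr($i, 8)
      }
      # Only the samba daemons are of interest here; skip other domains.
      if (src !~ /^(smbd_t|nmbd_t)$/) next
      key = src " " tgt ":" cls
      n = split(perms, p, " ")
      for (j = 1; j <= n; j++)
        if (!((key, p[j]) in seen)) {
          seen[key, p[j]] = 1
          set[key] = set[key] " " p[j]
        }
    }
    END { for (k in set) printf "allow %s {%s };\n", k, set[k] }
  ' | sort
}

sample_avc | avc_to_allow
```

Each emitted rule is a candidate to review against the file labels first: a denial caused by a mislabelled file is fixed by relabelling, not by widening the policy.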
updating component.
Peter, please verify that this is still ok, and also check the current NSA samba policy to see if there's anything new, then I'll commit it.
Created attachment 28344: type enforcement

This is my latest te file. Used with samba 2.2 for a very long time, tested with samba 3 acting as domain controller for a few days. The NSA policy also has 'can_ypbind(smbd_t)', which is defined in their ypbind_macros.te, which seems to be missing from the gentoo policy tree. But I never felt the need to use that macro anyhow :)

bye, peter
committed to policy cvs
I can't find any trace of sec-policy/selinux-samba in portage right now.
selinux-samba-20040406 committed to portage