07-22-2008, 05:01 AM   #1
Registered: Jun 2008
Location: Jakarta
Distribution: CentOS 5
Posts: 89

Rep: Reputation: 17
samba pdc selinux problem "rename" %m.log

OS = RHEL 5.1
Samba v3.0.25b-0.el5.4

Every time a user logs out / logs in, this SELinux warning happens.

SELinux troubleshooter summary

selinux is preventing samba (/usr/sbin/smbd) "rename" win2003.log (samba_log_t)


workgroup = HeinzCORP
server string = Samba PDC Version %v
netbios name = Server120
encrypt passwords = yes
log file = /var/log/samba/%m.log <-- problem ?
max log size = 50
passwd program = /usr/bin/passwd %u
passwd chat = *NEW*UNIX*PASSWORD* %n\n *RETYPE*New*UNIX*Password* %n\n
log level = 2
unix password sync = yes
logon script = %U.bat
logon path = \\%L\profiles\%a\%U
logon drive = N:
logon home = \\%L\%U\Win-profile
domain logons = yes
os level = 65
prefered master = yes
domain master = yes
wins support = yes
hosts allow = 192.168.0.

This is getsebool grep samba

samba_domain_controller --> on
samba_enable_home_dirs --> on
samba_export_all_ro --> off
samba_export_all_rw --> on
samba_share_nfs --> off
use_samba_home_dirs --> off

So brotha, please give me a hand on this ...
How is the practice in the real world ?
07-23-2008, 02:49 PM   #2
Registered: May 2001
Posts: 28,886
Blog Entries: 55

Rep: Reputation: 3356
Originally Posted by WorldIsNotFair
selinux is preventing samba (/usr/sbin/smbd) "rename" win2003.log (samba_log_t)
Below that message is a line with the original access vector cache (AVC) warning from /var/log/audit/audit.log (or /var/log/messages if you don't run Auditd). If you echo that line and pipe it through 'audit2allow' you should get a rule something like "allow smbd_t samba_log_t:file rename;". This rule you can add to your local policy module. If that does not work then you can disable SELinux protection for Samba by setting 'setsebool -P smbd_disable_trans 1' and restarting Samba. Again, this disables SELinux protection for Samba, and given the fact Samba doesn't have a spotless past with respect to vulnerabilities, you should at the same time beef up your auditing and security and submit a ticket to Red Hat's bug tracker.
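The derivation described in the reply above, as an added example that is not part of the original posts: a small shell function that turns an AVC denial into the kind of allow rule quoted there, so the rule can be reviewed before a module is built. The sample record is constructed (only the types, class and permission come from the thread), and `avc_to_rules` and the module name `localsamba` are names chosen here.

```sh
#!/bin/sh
# Constructed sample record: timestamp, pid, dev and ino are made up; the
# types, class and permission are the ones quoted in this thread.
SAMPLE_AVC='type=AVC msg=audit(1216720860.101:412): avc:  denied  { rename } for  pid=2741 comm="smbd" name="win2003.log" dev=dm-0 ino=1048601 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:samba_log_t:s0 tclass=file'

# avc_to_rules (name chosen for this example): read audit records on stdin
# and print one allow rule per distinct denial, for review before anything
# is loaded. Granted records and non-AVC lines are skipped.
avc_to_rules() {
    awk '
    /avc:/ && /denied/ {
        perms = ""; src = ""; tgt = ""; cls = ""
        # Permissions sit between the braces: { rename } or { read write }
        if (match($0, /[{][^}]*[}]/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perms)
        }
        for (i = 1; i <= NF; i++) {
            # A context is user:role:type[:level]; the type is item 3
            if ($i ~ /^scontext=/) { split(substr($i, 10), c, ":"); src = c[3] }
            if ($i ~ /^tcontext=/) { split(substr($i, 10), c, ":"); tgt = c[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        # Skip truncated records rather than emit a partial rule
        if (perms == "" || src == "" || tgt == "" || cls == "") next
        if (perms ~ / /) perms = "{ " perms " }"
        print "allow " src " " tgt ":" cls " " perms ";"
    }' | sort -u
}

printf '%s\n' "$SAMPLE_AVC" | avc_to_rules

# On the server the real tools do the same from the live log (as root;
# "localsamba" is a module name chosen for this example):
#   grep smbd /var/log/audit/audit.log | audit2allow -M localsamba
#   semodule -i localsamba.pp
```

Reading the generated rule first shows exactly which source type, target type, class and permission the local module will grant, which is much narrower than turning off the Samba transition with the boolean.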
07-23-2008, 10:15 PM   #3
Registered: Jun 2008
Location: Jakarta
Distribution: CentOS 5
Posts: 89

Original Poster
Rep: Reputation: 17
Thanks bro unSpawn,

I think disabling Samba from SELinux is the best for now (I get another denial further on now ..)

I should send Red Hat Inc. a ticket about this.

Really appreciate the comment bro ...

