On May 25, 2010, at 8:25 PM, Whit Blauvelt <whit(a)transpect.com> wrote:
> On Tue, May 25, 2010 at 07:55:12PM -0400, Whit Blauvelt wrote:
>> On Tue, May 25, 2010 at 04:33:53PM -0700, Jerry Franz wrote:
>>
>>> Are you running with SELinux on?
>
> You were right Jerry!
>
> echo 0 > /selinux/enforce
>
> and then /etc/init.d/smb restart works! Thank you much Jerry!
>
> Now why doesn't that fine piece of government work, selinux, do  
> something
> standard and useful like log when it's instituting breakage?? I get  
> that
> it's doing it "for your own good," but what good is it if it doesn't  
> tell
> you what it's doing? The _first place_ I looked when we ran into this
> problem was the logs. Nada. Zilch.
>
> Programs that try to be smarter than the root user are annoying  
> enough.
> Programs that do that and don't try to educate the root user while  
> they're
> doing it are worse. There are standards for logging. Selinux is  
> ignoring
> them. If it's going to be breaking stuff by default, and failing to  
> log the
> breakage by default, that's not remotely good. Yet that's how CentOS
> installs it. Are we downstream of some Redhat brilliance here?
Selinux alerts are in /var/log/audit/audit.log
The problem is if smbd doesn't create the messages.tdb file then it  
won't have the selinux rights.
That file can be deleted and will be recreated on smbd start, it's  
just a cache file.
-Ross