JohnS wrote:
On Tue, 2010-05-25 at 21:27 -0400, Whit Blauvelt wrote:
But if someone can tell me why selinux thinks it's sane to block "/etc/init.d/smb start" while leaving "sh /etc/init.d/smb start" and even "/some/random/dir/smb start" wide open ... I just can't believe some happy hacker at NSA thought that would count as a security scheme. Really, I'd like to know how this is supposed to be useful.
It had good reason to because you did inherently edit it as shown by the previous rpm -V. I say you will have more SEL problems if you do not do a full relabel on boot. You really need selinux for samba to prevent buffer overflows. That is how it is useful.
So smbd's context is _supposed_ to be inherited from the init script instead of being inherent to the program itself? And the init script has to be executed directly instead of given to a shell for this to work? Is this documented?