-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 02/17/2014 09:08 AM, John R Pierce wrote:
On 2/17/2014 5:36 AM, Styma, Robert E (Robert) wrote:
Researching showed that there are a number of little selinux flags to set to get samba to work. I went into /etc/selinux/config and turned off selinux to test and rebooted. The problems went away. Now I just have to figure out what to configure, so I can turn selinux back on.
you shouldn't turn it off entirely, as its painful to turn back on later... rather, set it to 'permissive' with seenforce
You want to look for a boolean that effects samba.
getsebool -a | grep samb samba_create_home_dirs --> off samba_domain_controller --> off samba_enable_home_dirs --> off samba_export_all_ro --> off samba_export_all_rw --> off samba_portmapper --> off samba_run_unconfined --> off samba_share_fusefs --> off samba_share_nfs --> off sanlock_use_samba --> off use_samba_home_dirs --> off virt_use_samba --> off
Or as root execute # semanage boolean -l| grep samba samba_portmapper (off , off) Allow samba to act as a portmapper samba_enable_home_dirs (off , off) Allow samba to share users home directories. samba_export_all_ro (off , off) Allow samba to share any file/directory read only. samba_export_all_rw (off , off) Allow samba to share any file/directory read/write. use_samba_home_dirs (off , off) Support SAMBA home directories samba_create_home_dirs (off , off) Allow samba to create new home directories (e.g. via PAM) smbd_anon_write (off , off) Allow samba to modify public files used for public file transfer services. Files/Directories must be labeled public_content_rw_t. samba_domain_controller (off , off) Allow samba to act as the domain controller, add users, groups and change passwords. samba_share_fusefs (off , off) Allow samba to export ntfs/fusefs volumes. cdrecord_read_content (off , off) Determine whether cdrecord can read various content. nfs, samba, removable devices, user temp and untrusted content files samba_share_nfs (off , off) Allow samba to export NFS volumes. samba_run_unconfined (off , off) Allow samba to run unconfined scripts sanlock_use_samba (off , off) Allow sanlock to manage cifs files virt_use_samba (off , off) Allow confined virtual guests to manage cifs files
You can also look at the samba_selinux man page
man samba_selinux