[CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

Wed May 26 02:09:33 UTC 2010
Jay Leafey <jay.leafey at mindless.com>

Whit Blauvelt wrote:
> <SNIP>
> 
> Then why was it also happy with "sh /etc/init.d/smb start" but not
> "/etc/init.d/smb start". I'm happy to become more educated on this. But if
> invoking a major daemon startup that selinux wants to block is as easy as
> that, selinux is window dressing, not security.
> 
> What am I missing about how that's anything like useful?
> 

As I understand it, the two different methods of invocation could 
involve different SELinux contexts.  Under one of them the process could 
be less constrained than the other.  If you want details, you'll have to 
look elsewhere, I'm just another seeker!

I've found that running the SELinux troubleshoter has been very helpful. 
  SELinux can be a royal pain, particularly with software not written 
with it in mind (cough*Oracle*cougn).  I try to discourage the "just 
turn off SELinux" mindset... it sorta reminds me of the excuses for NOT 
using seat belts.

In your case, there should have been AVC errors showing up in the audit 
log related to smbd.  Using restorecon to fix up the security context on 
the files in /etc/samba might have resolved the issue quickly... but I 
guess the trick is having run across it before, eh?

"The best cure for mistakes is experience.
The best source of experience is mistakes." - YMMV
-- 
Jay Leafey - jay.leafey at mindless.com
Memphis, TN
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3274 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20100525/165c938e/attachment-0005.bin>