[CentOS] Strange Samba Issue

Mon Feb 17 15:12:22 UTC 2014
Daniel J Walsh <dwalsh at redhat.com>

On 02/17/2014 09:08 AM, John R Pierce wrote:
> On 2/17/2014 5:36 AM, Styma, Robert E (Robert) wrote:
>> Researching showed that there are a number of little selinux flags to set
>> to get samba to work.  I went into /etc/selinux/config and turned off
>> selinux to test and rebooted.  The problems went away. Now I just have to
>> figure out what to configure, so I can turn selinux back on.
> 
> you shouldn't turn it off entirely, as it's painful to turn back on later...
> rather, set it to 'permissive' with setenforce
> 
> 
> 
You want to look for a boolean that affects samba.

getsebool -a | grep samb
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_use_samba --> off

Or as root execute
# semanage boolean -l| grep samba
samba_portmapper               (off  ,  off)  Allow samba to act as a portmapper
samba_enable_home_dirs         (off  ,  off)  Allow samba to share users home directories.
samba_export_all_ro            (off  ,  off)  Allow samba to share any file/directory read only.
samba_export_all_rw            (off  ,  off)  Allow samba to share any file/directory read/write.
use_samba_home_dirs            (off  ,  off)  Support SAMBA home directories
samba_create_home_dirs         (off  ,  off)  Allow samba to create new home directories (e.g. via PAM)
smbd_anon_write                (off  ,  off)  Allow samba to modify public files used for public file transfer services.  Files/Directories must be labeled public_content_rw_t.
samba_domain_controller        (off  ,  off)  Allow samba to act as the domain controller, add users, groups and change passwords.
samba_share_fusefs             (off  ,  off)  Allow samba to export ntfs/fusefs volumes.
cdrecord_read_content          (off  ,  off)  Determine whether cdrecord can read various content. nfs, samba, removable devices, user temp and untrusted content files
samba_share_nfs                (off  ,  off)  Allow samba to export NFS volumes.
samba_run_unconfined           (off  ,  off)  Allow samba to run unconfined scripts
sanlock_use_samba              (off  ,  off)  Allow sanlock to manage cifs files
virt_use_samba                 (off  ,  off)  Allow confined virtual guests to manage cifs files

You can also look at the samba_selinux man page

man samba_selinux

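
The following is an added example, not part of the original message: it parses "semanage boolean -l" output in the format shown above and lists the samba-related booleans that are on, and those whose current state differs from the default, so that only the relaxations actually needed stay enabled once SELinux is enforcing again. The sample input is constructed, the function names are hypothetical, and the pair in parentheses is assumed to be (current state, default).

```shell
#!/bin/sh
# Added example: audit samba-related SELinux booleans from `semanage boolean -l`.
# Record format, as in the listing above:  name  (state , default)  description

# Constructed sample input (states and the httpd description are made up).
sample_booleans() {
cat <<'EOF'
samba_enable_home_dirs         (on   ,   on)  Allow samba to share users home directories.
samba_export_all_ro            (off  ,  off)  Allow samba to share any file/directory read only.
samba_export_all_rw            (on   ,  off)  Allow samba to share any file/directory read/write.
cdrecord_read_content          (off  ,  off)  Determine whether cdrecord can read various content. nfs, samba, removable devices, user temp and untrusted content files
httpd_can_network_connect      (on   ,   on)  Constructed description for an unrelated boolean
EOF
}

# Emit "name state default" for each record that mentions samba.
# Wrapped continuation lines (no valid state pair) are skipped.
parse_booleans() {
    awk 'tolower($0) ~ /samba/ {
        if (match($0, /\([^)]*\)/) == 0) next
        pair = substr($0, RSTART + 1, RLENGTH - 2)
        gsub(/[ \t]/, "", pair)
        if (pair !~ /^(on|off),(on|off)$/) next
        split(pair, s, ",")
        print $1, s[1], s[2]
    }'
}

# Booleans currently switched on: each one is a relaxation to justify.
samba_enabled() {
    parse_booleans | awk '$2 == "on" { print $1 }'
}

# Booleans whose current state differs from the default column.
samba_state_differs() {
    parse_booleans | awk '$2 != $3 { print $1 }'
}

# On a real host, as root:  semanage boolean -l | samba_enabled
echo "enabled:";        sample_booleans | samba_enabled
echo "state differs:";  sample_booleans | samba_state_differs
```
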