Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 234690 - SELinux is preventing /usr/sbin/nmbd (nmbd_t) "search" to lib (var_lib_t).
Summary: SELinux is preventing /usr/sbin/nmbd (nmbd_t) "search" to lib (var_lib_t).
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: samba
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Samba Maint Team
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-03-31 11:02 UTC by David Bentley
Modified: 2007-11-30 22:12 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-04-14 19:53:52 UTC


Attachments (Terms of Use)

Description David Bentley 2007-03-31 11:02:55 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3) Gecko/20070325 Firefox/2.0.0.3

Description of problem:
SELinux denied access requested by /usr/sbin/nmbd. It is not expected that this access is required by /usr/sbin/nmbd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Version-Release number of selected component (if applicable):
samba-3.0.24-9.fc7

How reproducible:
Always


Steps to Reproduce:
start the nmb daemon

Actual Results:
avc denial messages in selinux troubleshooter

Expected Results:


Additional info:
Source Context:  root:system_r:nmbd_t
Target Context:  system_u:object_r:var_lib_t
Target Objects:  lib [ dir ]
Affected RPM Packages:  samba-3.0.24-9.fc7 [application]filesystem-2.4.3-1.fc7 [target]
Policy RPM:  selinux-policy-2.5.10-2.fc7
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Enforcing
Plugin Name:  plugins.catchall_file
Host Name:  bentledr-xeon
Platform:  Linux bentledr-xeon 2.6.20-1.3025.fc7 #1 SMP Wed Mar 28 20:33:47 EDT 2007 i686 i686
Alert Count:  20
First Seen:  Sat 31 Mar 2007 09:49:04 AM BST
Last Seen:  Sat 31 Mar 2007 11:46:03 AM BST
LocalID:  81674bea-09e1-4043-82f5-7aeb36f694ef
Line Numbers: 
 
Raw Audit Messages 

:avc: denied { search } for comm="nmbd" dev=dm-0 egid=0 euid=0 exe="/usr/sbin/nmbd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="lib" pid=4783 scontext=root:system_r:nmbd_t:s0 sgid=0 subj=root:system_r:nmbd_t:s0 suid=0 tclass=dir tcontext=system_u:object_r:var_lib_t:s0 tty=(none) uid=0 

The above cut and pasted from setroubleshoot browser and edited to be more readable


Note You need to log in before you can comment on or make changes to this bug.