View Issue Details

ID: 0017969
Project: CentOS-7
Category: selinux-policy
View Status: public
Last Update: 2020-12-23 21:42
Reporter: rucareanum
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
Platform:
OS:
OS Version: 7
Product Version:
Target Version:
Fixed in Version:
Summary: 0017969: SELinux is preventing /usr/sbin/smbd from 'read' accesses on the file ASUS_P5K_SE_EPU_motherboard_manual_ver1_E3202_May_2007....
Description

Description of problem:
Since August 2020, SELinux Alert Browser pops up now and then (every couple of days or so) and reports this kind of alert referring to two files (one .pdf and one .bin) that are not even being accessed (at least not voluntarily!). Not a big deal, but annoying however.
SELinux is preventing /usr/sbin/smbd from 'read' accesses on the file ASUS_P5K_SE_EPU_motherboard_manual_ver1_E3202_May_2007.pdf.

***** Plugin catchall_boolean (32.5 confidence) suggests ******************

If you want to allow samba to enable home dirs
Then you must tell SELinux about this by enabling the 'samba_enable_home_dirs' boolean.

Do
setsebool -P samba_enable_home_dirs 1

***** Plugin catchall_boolean (32.5 confidence) suggests ******************

If you want to allow samba to export all ro
Then you must tell SELinux about this by enabling the 'samba_export_all_ro' boolean.

Do
setsebool -P samba_export_all_ro 1

***** Plugin catchall_boolean (32.5 confidence) suggests ******************

If you want to allow samba to export all rw
Then you must tell SELinux about this by enabling the 'samba_export_all_rw' boolean.

Do
setsebool -P samba_export_all_rw 1

***** Plugin catchall (4.5 confidence) suggests ***************************

If you believe that smbd should be allowed read access on the ASUS_P5K_SE_EPU_motherboard_manual_ver1_E3202_May_2007.pdf file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'smbd' --raw | audit2allow -M my-smbd
# semodule -i my-smbd.pp

Additional Information:
Source Context system_u:system_r:smbd_t:s0
Target Context unconfined_u:object_r:user_home_t:s0
Target Objects ASUS_P5K_SE_EPU_motherboard_manual_ver1_E3202_May_
                              2007.pdf [ file ]
Source smbd
Source Path /usr/sbin/smbd
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-268.el7_9.2.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-1160.6.1.el7.x86_64 #1 SMP
                              Tue Nov 17 13:59:11 UTC 2020 x86_64 x86_64
Alert Count 309
First Seen 2020-12-10 00:44:10 EST
Last Seen 2020-12-21 14:46:14 EST
Local ID 7bc05b35-9e5a-4716-9d98-89de7876df43

Raw Audit Messages
type=AVC msg=audit(1608579974.617:1484): avc: denied { read } for pid=4110 comm="smbd" name="ASUS_P5K_SE_EPU_motherboard_manual_ver1_E3202_May_2007.pdf" dev="sdb1" ino=41025847 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0


Hash: smbd,smbd_t,user_home_t,file,read

Version-Release number of selected component:
selinux-policy-3.13.1-268.el7_9.2.noarch
Additional Information
reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-1160.6.1.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
Tags: No tags attached.
abrt_hash: 6d1f4b39aa45194fb180708601e3a0eef1508d093822583b97bdd9ccfdc3454c
URL:

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2020-12-23 21:42 rucareanum New Issue