chacocr · December 17, 2018 20:49 · Jan 6, 2015
diff --git a/NOTES b/NOTES
@@ -0,0 +1,8 @@
+I had to also do the following items to play nicely with SELinux:
+
+Restore the proper SELinux labels on smb.conf and my smbusers:
+# chcon system_u:object_r:samba_etc_t:s0 smb.conf
+# chcon system_u:object_r:samba_etc_t:s0 smbusers 
+
+Allow Samba to access home dirs:
+# setsebool -P samba_enable_home_dirs 1
diff --git a/SETroubleshooot Details b/SETroubleshooot Details
@@ -0,0 +1,65 @@
+SELinux is preventing /usr/sbin/smbd from getattr access on the file .
+
+*****  Plugin catchall_boolean (32.5 confidence) suggests   ******************
+
+If you want to allow samba to export all ro
+Then you must tell SELinux about this by enabling the 'samba_export_all_ro' boolean.
+You can read 'None' man page for more details.
+Do
+setsebool -P samba_export_all_ro 1
+
+*****  Plugin catchall_boolean (32.5 confidence) suggests   ******************
+
+If you want to allow samba to enable home dirs
+Then you must tell SELinux about this by enabling the 'samba_enable_home_dirs' boolean.
+You can read 'None' man page for more details.
+Do
+setsebool -P samba_enable_home_dirs 1
+
+*****  Plugin catchall_boolean (32.5 confidence) suggests   ******************
+
+If you want to allow samba to export all rw
+Then you must tell SELinux about this by enabling the 'samba_export_all_rw' boolean.
+You can read 'None' man page for more details.
+Do
+setsebool -P samba_export_all_rw 1
+
+*****  Plugin catchall (4.5 confidence) suggests   ***************************
+
+If you believe that smbd should be allowed getattr access on the  file by default.
+Then you should report this as a bug.
+You can generate a local policy module to allow this access.
+Do
+allow this access for now by executing:
+# grep smbd /var/log/audit/audit.log | audit2allow -M mypol
+# semodule -i mypol.pp
+
+Additional Information:
+Source Context                system_u:system_r:smbd_t:s0
+Target Context                unconfined_u:object_r:iceauth_home_t:s0
+Target Objects                 [ file ]
+Source                        smbd
+Source Path                   /usr/sbin/smbd
+Port                          <Unknown>
+Host                          jonathon-centos7
+Source RPM Packages           samba-4.1.1-37.el7_0.x86_64
+Target RPM Packages           
+Policy RPM                    selinux-policy-3.12.1-153.el7_0.13.noarch
+Selinux Enabled               True
+Policy Type                   targeted
+Enforcing Mode                Permissive
+Host Name                     jonathon-centos7
+Platform                      Linux jonathon-centos7 3.10.0-123.el7.x86_64 #1
+                              SMP Mon Jun 30 12:09:22 UTC 2014 x86_64 x86_64
+Alert Count                   1
+First Seen                    2015-01-06 03:48:52 EST
+Last Seen                     2015-01-06 03:48:52 EST
+Local ID                      e4028d83-8037-4dde-8328-549b1b3938e9
+
+Raw Audit Messages
+type=AVC msg=audit(1420534132.161:26536): avc:  denied  { getattr } for  pid=13144 comm="smbd" path="/home/jreinhart/.ICEauthority" dev="dm-2" ino=207 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:iceauth_home_t:s0 tclass=file
+
+
+type=SYSCALL msg=audit(1420534132.161:26536): arch=x86_64 syscall=newfstatat success=yes exit=0 a0=22 a1=7f93e2e46a9b a2=7fffb2f3bbb0 a3=0 items=0 ppid=13137 pid=13144 auid=4294967295 uid=1000 gid=0 euid=1000 suid=0 fsuid=1000 egid=1000 sgid=0 fsgid=1000 tty=(none) ses=4294967295 comm=smbd exe=/usr/sbin/smbd subj=system_u:system_r:smbd_t:s0 key=(null)
+
+Hash: smbd,smbd_t,iceauth_home_t,file,getattr
diff --git a/smb.conf b/smb.conf
@@ -0,0 +1,17 @@
+[global]
+workgroup = WORKGROUP
+server string = Samba Server %v
+netbios name = centos
+security = user
+username map = /etc/samba/smbusers
+map to guest = bad user
+dns proxy = no
+#log level = 2
+unix password sync = yes
+
+[homes]
+path=/home/%u
+comment = Home Directories
+browseable = no
+writable = yes
+valid users = %S
diff --git a/smbusers b/smbusers
@@ -0,0 +1,2 @@
+# Unix username = whitespace-separated SMB client usernames
+jreinhart = Jonathon
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		# Unix username = whitespace-separated SMB client usernames
		jreinhart = Jonathon