Hi folks,
I've been googling for an hour on this which seems to be awfully
basic. But I cannot find anything definitive.
[root at centos-gig ~]# systemctl enable smb.service
Failed to execute operation: Access denied
[root at centos-gig ~]# setenforce 0
[root at centos-gig ~]# systemctl enable smb.service
Failed to execute operation: No such file or directory
Have tried things like :
chcon -t samba_share_t /home/amckay
Also took the output from:
getsebool -a | grep samba
and set all them to "on"
Stripped my config down to the most basic.
What am I missing?
# Global parameters
[global]
netbios name = centos
security = USER
idmap config * : backend = tdb
[homes]
comment = Home Directories
browseable = No
inherit acls = Yes
read only = No
valid users = %S %D%w%S
--
"You should sit in nature for 20 minutes a day.
Unless you are busy, then you should sit for an hour"
- Zen Proverb
Also tried this :
[root at centos-gig ~]# cat allow
type=USER_AVC msg=audit(1507584974.134:166105): pid=1 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0
msg='avc: received setenforce notice (enforcing=1)
exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=?
terminal=?'
type=USER_AVC msg=audit(1507584974.137:166106): pid=1 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0
msg='avc: denied { enable } for auid=1000 uid=0 gid=0
cmdline="systemctl enable smb.service"
scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tcontext=system_u:system_r:init_t:s0 tclass=service
exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=?
terminal=?'
[root at centos-gig ~]# audit2allow -i ./allow -M samba
******************** IMPORTANT ***********************
To make this policy package active, execute:
semodule -i samba.pp
[root at centos-gig ~]# semodule -i ./samba.pp
libsemanage.semanage_direct_install_info: Overriding samba module at
lower priority 100 with module at priority 400.
Failed to resolve typeattributeset statement at
/etc/selinux/targeted/tmp/modules/100/ksmtuned/cil:78
semodule: Failed!
[root at centos-gig ~]# audit2allow -i ./allow -M samba-new
******************** IMPORTANT ***********************
To make this policy package active, execute:
semodule -i samba-new.pp
[root at centos-gig ~]# semodule -i ./samba-new.pp
[root at centos-gig ~]# systemctl enable smb.service
Failed to execute operation: No such file or directory
[root at centos-gig ~]# setenforce 1
[root at centos-gig ~]# systemctl enable smb.service
Failed to execute operation: No such file or directory
[root at centos-gig ~]# setenforce 1
[root at centos-gig ~]# systemctl enable smb.service
Failed to execute operation: No such file or directory
[root at centos-gig ~]#
Ug - can't believe it. [root at centos-gig ~]# rpm -qa | grep samba samba-libs-4.4.4-14.el7_3.x86_64 samba-client-4.4.4-14.el7_3.x86_64 samba-client-libs-4.4.4-14.el7_3.x86_64 samba-common-tools-4.4.4-14.el7_3.x86_64 samba-common-libs-4.4.4-14.el7_3.x86_64 samba-common-4.4.4-14.el7_3.noarch [root at centos-gig ~]# yum -y install samba (and it goes on to install the one missing package) Not sure how I ended up with everything but that one ...
Possibly Parallel Threads
- Samba won't start on Centos 7.3.1611
- NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
- Centos 7: avc: denied { reload } for auid=0 uid=0 gid=0 cmdline="/usr/bin/systemctl reload named-chroot.service" ....
- Customizing SELinux Policy
- selinux policy (& engine) broken in C7