
My Samba4 service is being blocked from starting using systemctl. The audit log shows:

    type=AVC msg=audit(1606428851.446:87): avc: denied { execute } for pid=1748 comm="(samba)" name="samba" dev="dm-0" ino=1462831 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0

Setting SELinux policy to "permissive" solves the problem... but it's not a full-time solution.

Samba was built locally. It's not a repo package. So as I understand, I have to manually enable its executable path in SELinux. But how can I do it?

Service definition file looks like:

    [Unit]
    Description=Samba Active Directory Domain Controller
    After=network.target remote-fs.target nss-lookup.target

    [Service]
    Type=forking
    ExecStart=/usr/local/samba/sbin/samba -D
    PIDFile=/usr/local/samba/var/run/samba.pid
    ExecReload=/bin/kill -HUP $MAINPID

    [Install]
    WantedBy=multi-user.target

1 Answer

In addition to manually compiling Samba (why??!?) you also moved instead of copied the binary into place in /usr/local. Thus it kept its SELinux type user_home_t, applied to files in user home directories.

A simple restorecon will fix that.

Of course, since you manually built Samba (again, WHY?) many of its other files will be in locations SELinux does not expect, so you likely will have further issues.

  • I built it as at the time of the CentOS 8 install there was no samba4 package for CentOS 8. Now it seems there is one... No, I didn't move anything anywhere. If you had ever built software you would know there are config files prepared by the devs to put executables in proper folders. Building does not mean to create by hand! Will test your solution anyway. Commented Nov 29, 2020 at 22:28
  • @PaulPaku Eh? Samba 4 has been in CentOS 8 since day one. It's called samba, not samba4 though. Commented Nov 29, 2020 at 23:19
  • Sure, I am blind... As I remember, there was no Samba at all on the day I downloaded the ISO. Commented Nov 30, 2020 at 8:01
  • Tried to use the samba package on another server... not working. Will have to build it myself :( See my last question. Commented Dec 9, 2020 at 20:53
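
The diagnosis and fix discussed in this thread, as an added example that is not part of the original question or answer: it reads the quoted AVC record, confirms that the target carries a home-directory type, and then checks or restores labels under the install prefix. The function names and the list of home-directory types are illustrative assumptions; `/usr/local/samba` is the prefix from the unit file.

```shell
#!/bin/sh
# AVC record quoted in the question (one line of the audit log).
AVC='type=AVC msg=audit(1606428851.446:87): avc: denied { execute } for pid=1748 comm="(samba)" name="samba" dev="dm-0" ino=1462831 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0'

# avc_field RECORD KEY: print the value of KEY=value, quotes stripped.
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | tr -d '"' | head -n 1
}

# avc_perms RECORD: print the denied permission(s) listed between the braces.
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*denied { \(.*\) } for .*/\1/p'
}

# context_type CONTEXT: print the type, the third field of user:role:type:level.
context_type() { printf '%s\n' "$1" | cut -d: -f3; }

# is_mislabel RECORD: succeed when the target has a home-directory type
# (illustrative list), i.e. the file kept the label of where it was created.
is_mislabel() {
    case "$(context_type "$(avc_field "$1" tcontext)")" in
        user_home_t|user_home_dir_t|admin_home_t) return 0 ;;
        *) return 1 ;;
    esac
}

# relabel_tree DIR [apply]: dry run by default (-n); relabels only with "apply".
relabel_tree() {
    ls -Z "$1/sbin/samba"          # label the binary has now
    matchpathcon "$1/sbin/samba"   # label the loaded policy expects for that path
    if [ "${2:-}" = apply ]; then
        restorecon -Rv "$1"
    else
        restorecon -Rnv "$1"       # lists each file whose label would change
    fi
}

echo "denied { $(avc_perms "$AVC") } on $(avc_field "$AVC" name):" \
     "$(context_type "$(avc_field "$AVC" scontext)") ->" \
     "$(context_type "$(avc_field "$AVC" tcontext)")"

# As root on the SELinux host: sh thisfile /usr/local/samba [apply]
if [ -n "${1:-}" ]; then
    is_mislabel "$AVC" && relabel_tree "$1" "${2:-}"
fi
```

Running the dry run first shows how many files under the prefix carry labels the policy does not expect, before anything is changed.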
