samba_selinux - Security Enhanced Linux Policy for Samba
Contents
Booleans
SELinux policy is customizable based on least access required. So by default SELinux policy turns off
SELinux sharing of home directories and the use of Samba shares from a remote machine as a home
directory.
If you are setting up this machine as a Samba server and wish to share the home directories, you need to
set the samba_enable_home_dirs boolean.
setsebool -P samba_enable_home_dirs 1
If you want to use a remote Samba server for the home directories on this machine, you must set the
use_samba_home_dirs boolean.
setsebool -P use_samba_home_dirs 1
system-config-selinux is a GUI tool available to customize SELinux policy settings.
Description
Security-Enhanced Linux secures the Samba server via flexible mandatory access control.
File_Contexts
SELinux requires files to have an extended attribute to define the file type. Policy governs the access
daemons have to these files. If you want to share files other than home directories, those files must be
labeled samba_share_t. So if you created a special directory /var/eng, you would need to label the
directory with the chcon tool.
chcon -t samba_share_t /var/eng
To make this change permanent (survive a relabel), use the semanage command to add the change to file
context configuration:
semanage fcontext -a -t samba_share_t "/var/eng(/.*)?"
This command adds the following entry to /etc/selinux/POLICYTYPE/contexts/files/file_contexts.local:
/var/eng(/.*)? system_u:object_r:samba_share_t:s0
Run the restorecon command to apply the changes:
restorecon -R -v /var/eng/
Name
samba_selinux - Security Enhanced Linux Policy for Samba
See Also
selinux(8), samba(7), chcon(1), setsebool(8), semanage(8) dwalsh@redhat.com 17 Jan 2005 samba_selinux(8)
