samba_selinux(8) - Linux man page
Name
samba_selinux - Security Enhanced Linux Policy for Samba
Description
Security-Enhanced Linux secures the Samba server via flexible mandatory access control.
File_contexts
- chcon -t samba_share_t /var/eng
- If you want to make this permanent, i.e. survive a relabel, you must add an entry to the file_contexts.local file:
/etc/selinux/POLICYTYPE/contexts/files/file_contexts.local
/var/eng(/.*)? system_u:object_r:samba_share_t
Sharing Files
If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These contexts allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean, allow_DOMAIN_anon_write. So for Samba you would execute:
setsebool -P allow_smbd_anon_write=1
Booleans
SELinux policy is customizable based on least access required. So by default SELinux policy turns off SELinux sharing of home directories and the use of Samba shares from a remote machine as a home directory.
- If you are setting up this machine as a Samba server and wish to share the home directories, you need to set the samba_enable_home_dirs boolean.
setsebool -P samba_enable_home_dirs 1
- If you want to use a remote Samba server for the home directories on this machine, you must set the use_samba_home_dirs boolean.
setsebool -P use_samba_home_dirs 1
- You can disable SELinux protection for the samba daemon by executing:
setsebool -P smbd_disable_trans 1
service smb restart
- system-config-securitylevel is a GUI tool available to customize SELinux policy settings.
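Each boolean above widens the default least-access policy, so it is worth checking which ones are switched on. The script below is an added example, not part of the original man page or the SELinux policy: it reads lines in the "name --> on|off" format printed by getsebool and reports the Samba booleans named on this page that are on. The function names, the severity levels and the sample input are assumptions made for this illustration.

```shell
#!/bin/sh
# Audit the Samba-related SELinux booleans named on this page.
# Input: lines in the "name --> on|off" format printed by getsebool.

# audit_samba_booleans: read getsebool-style lines on stdin and print one
# finding per listed boolean that is on, as "LEVEL name: reason".
# The LEVEL values are this example's own ranking (an assumption).
audit_samba_booleans() {
    awk '
    BEGIN {
        level["smbd_disable_trans"]     = "CRITICAL"
        why["smbd_disable_trans"]       = "SELinux protection for smbd is disabled"
        level["allow_smbd_anon_write"]  = "WARN"
        why["allow_smbd_anon_write"]    = "smbd may write to public_content_rw_t"
        level["samba_enable_home_dirs"] = "INFO"
        why["samba_enable_home_dirs"]   = "home directories may be shared by Samba"
        level["use_samba_home_dirs"]    = "INFO"
        why["use_samba_home_dirs"]      = "home directories may come from a remote Samba server"
    }
    # Field 1 is the boolean name, field 2 the arrow, field 3 the state.
    $2 == "-->" && $3 == "on" && ($1 in level) {
        printf "%s %s: %s\n", level[$1], $1, why[$1]
    }'
}

# Constructed sample of getsebool output (not taken from a real host).
sample_booleans() {
    cat <<'EOF'
allow_smbd_anon_write --> on
httpd_enable_homedirs --> on
samba_enable_home_dirs --> off
smbd_disable_trans --> on
use_samba_home_dirs --> off
EOF
}

# count_findings LEVEL: number of findings at LEVEL for the sample input.
count_findings() {
    sample_booleans | audit_samba_booleans |
        awk -v lvl="$1" '$1 == lvl { n++ } END { print n + 0 }'
}

# Show the findings for the constructed sample.
sample_booleans | audit_samba_booleans
```

On a live host, pipe the real values in with: getsebool -a | audit_samba_booleans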
