1samba_selinux(8)      Samba Selinux Policy documentation      samba_selinux(8)
2
3
4

NAME

6       samba_selinux - Security Enhanced Linux Policy for Samba
7

DESCRIPTION

9       Security-Enhanced Linux secures the Samba server via flexible mandatory
10       access control.
11

FILE_CONTEXTS

13       SELinux requires files to have an extended attribute to define the file
14       type.   Policy  governs the access daemons have to these files.  If you
15       want to share files other than home directories, those  files  must  be
16       labeled samba_share_t.  So if you created a special directory /var/eng,
17       you would need to label the directory with the chcon tool.
18
19       chcon -t samba_share_t /var/eng
20
21       If you want to make this permanant, i.e. survive a  relabel,  you  must
22       add an entry to the file_contexts.local file.
23
24       /etc/selinux/POLICYTYPE/contexts/files/file_contexts.local
25              /var/eng(/.*)? system_u:object_r:samba_share_t
26
27

SHARING FILES

29       If  you  want to share files with multiple domains (Apache, FTP, rsync,
30       Samba), you can set a file context of public_content_t and  public_con‐
31       tent_rw_t.   These  context  allow any of the above domains to read the
32       content.  If you want a particular domain to write to  the  public_con‐
33       tent_rw_t    domain,    you   must   set   the   appropriate   boolean.
34       allow_DOMAIN_anon_write.  So for samba you would execute:
35
36       setsebool -P allow_smbd_anon_write=1
37
38

BOOLEANS

40       SELinux policy is customizable based on least access required.   So  by
41       default  SElinux  policy  turns off SELinux sharing of home directories
42       and the use of Samba shares from a remote machine as a home directory.
43
44       If you are setting up this machine as a Samba server and wish to  share
45       the  home directories, you need to set the samba_enable_home_dirs bool‐
46       ean.
47
48              setsebool -P samba_enable_home_dirs 1
49
50       If you want to use a remote Samba server for the  home  directories  on
51       this machine, you must set the use_samba_home_dirs boolean.
52
53              setsebool -P use_samba_home_dirs 1
54
55       system-config-selinux is a GUI tool available to customize SELinux pol‐
56       icy settings.
57
58

AUTHOR

60       This manual page was written by Dan Walsh <dwalsh@redhat.com>.
61
62

SEE ALSO

64       selinux(8), samba(7), chcon(1), setsebool(8)
65
66
67
68dwalsh@redhat.com                 17 Jan 2005                 samba_selinux(8)
Impressum