It is actually in the smb.conf file, assuming that it doesn't get overwritten by swat. Here is an excerpt:
# Set labels only on directories you created!
# To set a label use the following: chcon -t samba_share_t /path
#
# If you need to share a system created directory you can use one of the
# following (read-only/read-write):
# setsebool -P samba_export_all_ro on
# or
# setsebool -P samba_export_all_rw on
#
# If you want to run scripts (preexec/root prexec/print command/...) please
# put them into the /var/lib/samba/scripts directory so that smbd will be
# allowed to run them.
# Make sure you COPY them and not MOVE them so that the right SELinux context
# is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts
#
You can feel free to turn SELinux, but if you play around with it, it can be useful as an extra line of defense against intruders.
- Rilindo
On Oct 20, 2011, at 11:26 PM, Todd And Margo Chester wrote:
> On Oct 20, 2011, at 10:30 PM, Todd And Margo Chester wrote:
>>> Hi All,
>>>
>>> I have always found selinux a pain in the neck, and in
>>> past have just removed it to get my stuff working.
>>>
>>> Question: what are the ramifications of just removing
>>> selinux from SL 6.1? Is selinux worth the effort?
>>>
>>> Many thanks,
>>> -T
>
> On 10/20/2011 07:50 PM, RILINDO FOSTER wrote:
>> SELinux is just a couple of more of steps when configuring the system. Its a not a large deal once you figure out the basic command set. In fact, come of the steps configuring an app for SELinux is even outlined in the man pages and some of the application docs, (notably Samba).
>
> Not finding it in "man smb.conf". Am I blind?
>>
>> Worse case, you can use the audit file as well as the SELinux Troubleshooter utility to diagnose the issue. In most case, it is easy to resolve.
>>
>> - Rilindo
>
> What are the ramifications of just disabling selinux? Good idea? Bad Idea?
>
> -T
|