On 10/20/2011 08:36 PM, RILINDO FOSTER wrote:
> It is actually in the smb.conf file, assuming that it doesn't get overwritten by swat. Here is an excerpt:
>
>
> # Set labels only on directories you created!
> # To set a label use the following: chcon -t samba_share_t /path
> #
> # If you need to share a system created directory you can use one of the
> # following (read-only/read-write):
> # setsebool -P samba_export_all_ro on
> # or
> # setsebool -P samba_export_all_rw on
> #
> # If you want to run scripts (preexec/root prexec/print command/...) please
> # put them into the /var/lib/samba/scripts directory so that smbd will be
> # allowed to run them.
> # Make sure you COPY them and not MOVE them so that the right SELinux context
> # is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts
> #
>
> You can feel free to turn SELinux, but if you play around with it, it can be useful as an extra line of defense against intruders.
>
>   - Rilindo

Thank you.  It did get overwritten, not by swat, but by me.  :'[

Is selinux effective enough as an "extra line of defense against intruders"?
or mostly just a pain in the neck.  I would like the extra line of 
defense, but only
if it works.

Thank you again for the quote from smb.conf!

-T