SELinux and winbind.

Support for security such as Firewalls and securing linux
Post Reply
ddsdave
Posts: 1
Joined: 2005/03/14 16:34:25

SELinux and winbind.

Post by ddsdave » 2005/05/26 14:20:22

I've just installed CentOS-4 "out of the box" and updated all available packages, but I can't get the winbind service to run, as the "targeted" policy doesn't grant the necessary permissions. I'm getting errors such as

May 26 10:49:24 testlnx1 kernel: audit(1117100964.093:0): avc: denied { create } for pid=16636 exe=/usr/sbin/winbindd name=winbindd.log scontext=root:system_r:winbind_t tcontext=root:object_r:samba_log_t tclass=file

As I see it the options seem to be:
1) modify the policy
2) turn off checking for winbind.
3) turn off SELinux (or turn off enforcement)

1) would be the ideal, but I can't be the only one to have hit this. Is there a new policy available that fixes the problem? Doing a Google, I found the same issue on Fedora, and it seems a new policy is available for that. Is there one for CentOS-4 / RHEL4? Would / should policy updates be loaded automatically by the nightly yum updates?

From RTFM it seems if I write my own policy I won't get updated policies loaded automatically, so that's not my number one choice.

TIA

Dave

Post Reply

Return to “CentOS 4 - Security Support”