SELinux adding new allowed samba type to access httpd_sys_content_t?

Posted by Josh on Server Fault See other posts from Server Fault or by Josh
Published on 2010-06-08T20:50:00Z Indexed on 2010/06/08 20:53 UTC
Read the original article Hit count: 330

Filed under:
|
|
allow samba_share_t httpd_sys_content_t {read execute getattr setattr write};
allow smbd_t httpd_sys_content_t {read execute getattr setattr write};

I am taking a stab in the dark with resources I've looked at, at various places that the above policies are what I want. I basically want to allow Samba to write to my web docs without giving it free access to the operating system. I read a post by a NSA rep saying the best way was defining a new type and allowing both samba and httpd access. Setting the content to public content (public_content_rw_t) does not work without making use of some unrestrictive booleans.

To state this in short, how do I allow samba to access a new type?

© Server Fault or respective owner

Related posts about linux

Related posts about security