fedora-selinux-list-request@redhat.com wrote:

Today's Topics: 1. Re: Data access to two daemon (Stephen Smalley)



Subject: Re: Data access to two daemon
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Wed, 22 Aug 2007 08:50:38 -0400
To: Arthur Pemberton <pemboa@gmail.com>
CC: Daniel J Walsh <dwalsh@redhat.com>, fedora-selinux-list@redhat.com

On Tue, 2007-08-21 at 15:55 -0500, Arthur Pemberton wrote:
> I have a personal server setup with SELinux in targeted mode.
>
> I would like to allow rw access over these files to Samba, and ro
> access to these files to httpd.
>
> In my current setup, SELinux requires the security context of the
> respective daemon to allow access to them.
>
> Since I gave Samba access more priority, the current context is:
> root:object_r:samba_share_t
>
> The files are not owned by root, they are currently chowned pembo13:comrades.
>
> Please advise on the best method to arrange for the access that I seem
> to require.


man samba_selinux seems to suggest using public_content_rw_t on the file
and setting the allow_smbd_anon_write boolean.

  
I do that in FC6, and it does work.

Regards,
John Griffiths
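
The approach suggested in the thread, written out as a script. This is an added example, not part of the original messages; the directory `/srv/share` and the script name `share.sh` are assumptions, while the type and boolean names are the ones quoted above. By default it only prints the commands it would run.

```shell
#!/bin/sh
# Added example (not from the thread). The share path is passed by the caller;
# the type and boolean names are the ones quoted in the messages above.
TYPE=public_content_rw_t
BOOL=allow_smbd_anon_write

# Print the command when DRY_RUN=1 (the default); execute it otherwise.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Type field of a context: third colon-separated field, so both
# root:object_r:samba_share_t and user:role:type:s0 forms are handled.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# True when a file with context $1 still carries a type other than $TYPE.
needs_relabel() {
    [ "$(context_type "$1")" != "$TYPE" ]
}

# Label directory $1 for shared access and let smbd write to it.
share_content() {
    dir=${1%/}
    # Persistent rule, so a later restorecon or full relabel keeps the type.
    run semanage fcontext -a -t "$TYPE" "${dir}(/.*)?"
    run restorecon -R -v "$dir"
    # Write access is granted per daemon; only smbd's boolean is enabled,
    # so httpd keeps read-only access to the same files.
    run setsebool -P "$BOOL" 1
}

# Usage (as root): sh share.sh --apply /srv/share
if [ "${1:-}" = "--apply" ] && [ -n "${2:-}" ]; then
    DRY_RUN=0
    share_content "$2"
    getsebool "$BOOL"
    ls -dZ "$2"
fi
```

SELinux labels are checked in addition to ordinary Unix permissions, so the account httpd runs as still needs read permission on files owned by `pembo13:comrades`.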