SELinux and Samba

Those who installed Samba on RHEL or any other SELinux enabled distribution may have faced the problem when they actually cannot access any Samba shares from their Windows machines. Samba logs in /var/samba/log may show lots of such messages:

[2007/07/03 16:37:44, 0] smbd/service.c:make_connection_snum(911)
  '/opt/blah' does not exist or permission denied when connecting to [blah] 
  Error was Permission denied

This is probably an SELinux problem and to fix it you’ll need to execute:

chcon -t system_u:object_r:samba_share_t /opt

or, in order to survive relabel:

  • add these lines to /etc/selinux/targeted/contexts/files/file_contexts.local file (if you are using targeted policy):

    /opt(/.*)?  system_u:object_r:samba_share_t:s0
    
  • probably, reboot

  • execute:

    restorecon -R /opt/
    

This will set appropriate SELinux context on all files in /opt directory and SELinux won’t prevent Samba access anymore.

To allow Samba to share your home directories with SELinux execute the following:

setsebool -P samba_enable_home_dirs 1