1. Commands and files:
getenforce, setenforce - get and set SELinux mode: Enforcing, Permissive, Disabled.
/etc/selinux/targeted/contexts/files/file_contexts - default settings for files and directories.
2. SELinux and Samba
Get available options for Samba:
$ ls /selinux/booleans/ | grep -e samba -e smb
allow_smbd_anon_write
samba_domain_controller
samba_enable_home_dirs
samba_export_all_ro
samba_export_all_rw
samba_share_fusefs
samba_share_nfs
smbd_disable_trans
use_samba_home_dirs
virt_use_samba
Allow remote access to home directory:
setsebool -P samba_enable_home_dirs 1
Other directory use option public_content_rw_t. The same as for /var/ftp:
$ ls -Z /var/ftp
drwxr-xr-x root root system_u:object_r:public_content_t pub
Only reading access:
chcon -R -t public_content_rw_t /myshara/
For write access:
setsebool -P allow_smbd_anon_write 1
Another way:
SELinux for FTP and SAMBA servers:
semanage fcontext --add --type public_content_t '/srv/ftp(/.*)?'
mkdir -p /srv/ftp
restorecon /srv/ftp
semanage fcontext --add --type samba_var_t '/srv/samba(/.*)?'
mkdir -p /srv/samba
restorecon /srv/samba
ls -Z /srv
drwxr-xr-x root root system_u:object_r:public_content_t:s0 ftp
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t:s0 http
drwxr-xr-x root root system_u:object_r:samba_var_t:s0 samba
3. GUI tools SELinux
yum search selinux
yum install policycoreutils-gui
You can find System > Administration > SELinux Management
yum install setroubleshoot
You can find Applications > System Tools > SELinux Troubleshooter