Christoph Wickert wrote:
Am Freitag, den 19.08.2005, 15:58 +0100 schrieb Paul Howarth:
I've got one working using:
/dev/hda5 /data vfat
uid=1012,gid=1001,fscontext=system_u:object_r:samba_share_t 0 0
I changed my fstab to
/dev/hda7 /mnt/daten vfat
rw,utf8,showexec,uid=500,gid=500,fmask=113,dmask=002,fscontext=system_u:object_r:samba_share_t 0 0
but samba access still was denied:
type=AVC msg=audit(1124469125.186:5348079): avc: denied { search } for
pid=4393 comm="smbd" name=mnt dev=hda3 ino=3335809
scontext=system_u:system_r:smbd_t tcontext=system_u:object_r:mnt_t
tclass=dir
I get these too but it doesn't stop me accessing the share...
so I had to
# chcon -t samba_share_t /mnt/
but I wonder if changing the context of the whole /mnt directory is a
good solution.
Probably not. If you can actually do everything you want to do, a better
option would be to add a local policy rule:
dontaudit smbd_t mnt_t:dir search;
Paul.
