Re: samba & selinux


 



> John Summerfield wrote: 
> McGuffey, David C. wrote:
> > Have had an interesting time getting samba to serve up files on F7.
> > After doing a lot of rtfm and tinkering, it will share test files in
> > /mnt/winxp_data for both localhost and remote windowz boxes on the LAN.
> > However when I remove the test files (created with 'touch') and mount an
> > ntfs partition, I get an selinux error. From the error I deduce that the
> > selinux type for winxp_data is fusefs_t, and it needs to be
> > samba_share_t.
> >
> 
> I expect it will work when you find the magic incantation of the mount
> command. I think you need to override the context.
> 
> This is how I mounted an ISO so I could serve it from Apache:
>
> /var/local/mirrors/linux/ScientificLinux/5.0/SL-5.0-050407-i386-DVD.iso /mnt/SL5 iso9660 ro,nosuid,nodev,noexec,loop,context=system_u:object_r:httpd_sys_content_t:s0 0 0
> 
> That's all one line
> 

Thanks

I've registered for the selinux forum and will repost my question there.

In the meantime, I spent a bit of time last night playing with the
mount options in fstab.  I added the
context=system_u:object_r:samba_share_t option but ended up with some
strange behavior.

Per the guidance from the selinux error message, I unmounted the ntfs
partition, issued the chcon command and the selinux type of
/mnt/winxp_data was changed to samba_share_t. When the ntfs partition is
mounted, the type changes to fusefs_t, which then causes selinux to
complain.  I unmount the partition, and the mount point returns to
samba_share_t. I issued the chcon command with the ntfs partition
mounted, but because the files on ntfs don't have extended attributes,
chcon pukes.

I don't want to remove or back away from selinux in enforcing mode.  I
have customers who want to build applications on top of selinux, so the
task at hand is to get smart and make things work with selinux.

Dave McGuffey
Principal Information System Security Engineer // NSA-IEM, NSA-IAM
SAIC, IISBU, Columbia, MD
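
Added example, not part of either poster's message: a small Python audit that reads fstab-style lines and reports whether each mount on a filesystem without per-file labels carries a `context=` option with the SELinux type its consumer needs. The `/dev/sda5` and `/dev/sda1` entries, the `NO_XATTR_FS` set and all function names are assumptions made for illustration.

```python
# Constructed sample fstab. The first entry is the ISO line quoted in the
# thread; the /dev/sda5 and /dev/sda1 entries are hypothetical.
SAMPLE_FSTAB = """\
/var/local/mirrors/linux/ScientificLinux/5.0/SL-5.0-050407-i386-DVD.iso /mnt/SL5 iso9660 ro,nosuid,nodev,noexec,loop,context=system_u:object_r:httpd_sys_content_t:s0 0 0
/dev/sda5 /mnt/winxp_data ntfs-3g defaults 0 0
/dev/sda1 / ext3 defaults 1 1
"""

# Assumption: filesystem types treated here as unable to store per-file labels.
NO_XATTR_FS = {"iso9660", "ntfs", "ntfs-3g", "vfat"}


def mount_context(options):
    """Return the context= value from a comma-separated option string, or None.
    Limitation: a quoted context whose level contains commas is not handled."""
    for opt in options.split(","):
        key, _, value = opt.partition("=")
        if key == "context":
            return value.strip('"')
    return None


def selinux_type(context):
    """Third field of user:role:type[:level], or None if malformed."""
    fields = context.split(":")
    return fields[2] if len(fields) >= 3 and fields[2] else None


def audit_fstab(text, expected):
    """Check label-less mounts against the type each one needs.
    expected maps mount point -> required SELinux type.
    Returns a list of (mount_point, status, found_type)."""
    results = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        mnt, fstype, opts = fields[1], fields[2], fields[3]
        if fstype not in NO_XATTR_FS or mnt not in expected:
            continue
        ctx = mount_context(opts)
        found = selinux_type(ctx) if ctx else None
        if ctx is None:
            status = "missing"
        elif found != expected[mnt]:
            status = "mismatch"
        else:
            status = "ok"
        results.append((mnt, status, found))
    return results
```

Calling `audit_fstab(SAMPLE_FSTAB, {"/mnt/SL5": "httpd_sys_content_t", "/mnt/winxp_data": "samba_share_t"})` reports the ISO mount as `ok` and the constructed NTFS entry as `missing`.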


