> John Summerfield wrote: > McGuffey, David C. wrote: > > Have had an interesting time getting samba to serve up files on F7. > > After doing a lot of rftm and tinkering, it will share test files in > > /mnt/winxp_data for both localhost and remote windowz boxes on the LAN. > > However when I remove the test files (created with 'touch') and mount an > > ntfs partition, I get an selinux error. From the error I deduce that the > > selinux type for winxp_data is fusefs_t, and it needs to be > > samba_share_t. > > > > I expect it will work when you find the magic incantation of the mount > command. I think you need to override the context. > > This is how I mounted an ISO so I could serve it from Apache: > /var/local/mirrors/linux/ScientificLinux/5.0/SL-5.0-050407-i386-DVD.iso > /mnt/SL5 iso9660 > ro,nosuid,nodev,noexec,loop,context=system_u:object_r:httpd_sys_content_ t: > s0 0 0 > > That's all one line > Thanks I've registered for the selinux forum and will repost my question there. In the mean time, I spent a bit of time last night playing with the mount options in fstab. I added the context=system_u:object_r:samba_share_t option but ended up with some strange behavior. Per the guidance from the selinux error message, I unmounted the ntfs partion, issued the chcon command and the selinux type of /mnt/winxp_data was changed to samba_share_t. When the ntfs partion is mounted, the type changes to fusefs_t, which then causes selinux to complain. I unmount the partition, and the mount point returns to samba_share_t. I issued the chcon command with the ntfs partition mounted, but because the files on ntfs don't have extended attributes, chon pukes. I don't want to remove or back away from selinux in enforcing mode. I have customers who want to build applications on top of selinux, so the task at hand is to get smart and make things work with selinux. Dave McGuffey Principal Information System Security Engineer // NSA-IEM, NSA-IAM SAIC, IISBU, Columbia, MD