-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gordon Messmer wrote: > Henning Larsen wrote: >> After doing that setsebool -P samba.... I still get alerts, but I found >> one solution via google, like this: >> >> # grep fusefs_t /var/log/audit/audit.log | audit2allow -M mysamba >> # semodule -i mysamba.pp >> >> This removes the alert, but I think it not is the proper way > > No, that's pretty much the proper way. You've effectively created a > policy similar to "samba_share_nfs" for FUSE. Since FUSE and NFSv3 > don't support file attributes (required for SELinux), the policy can't > be very specific about what samba is allowed to do. > > You're not the first person to try to share an NTFS drive of some type, > so perhaps you should file a bug (request for enhancement), requesting a > policy similar to "samba_share_nfs" which allows samba to share fuse > filesystems. > > The other option would be to mount the USB drive with an allowed context: > > mount /dev/usbdoohickey1 /srv/sambantfs -o > context=system_u:object_r:samba_share_t > Added samba_share_fusefs boolean to selinux-policy-3.2.7-4 in rawhide. Dan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkexsOgACgkQrlYvE4MpobPt0wCgiZEkDYUkfSmiczkLby2+i7ts jmkAoLbRJTlBwWX+iYijbfRCBbVQ7Vd4 =xycQ -----END PGP SIGNATURE-----
