Re: samba & selinux

> John Summerfield wrote: 
> McGuffey, David C. wrote:
> > Have had an interesting time getting samba to serve up files on F7.
> > After doing a lot of rtfm and tinkering, it will share test files in
> > /mnt/winxp_data for both localhost and remote windowz boxes on the LAN.
> > However when I remove the test files (created with 'touch') and mount an
> > ntfs partition, I get an selinux error. From the error I deduce that the
> > selinux type for winxp_data is fusefs_t, and it needs to be
> > samba_share_t.
> >
> 
> I expect it will work when you find the magic incantation of the mount
> command. I think you need to override the context.
> 
> This is how I mounted an ISO so I could serve it from Apache:
>
> /var/local/mirrors/linux/ScientificLinux/5.0/SL-5.0-050407-i386-DVD.iso /mnt/SL5 iso9660 ro,nosuid,nodev,noexec,loop,context=system_u:object_r:httpd_sys_content_t:s0	0 0
> 
> That's all one line
> 

Thanks

I've registered for the selinux forum and will repost my question there.

In the meantime, I spent a bit of time last night playing with the
mount options in fstab.  I added the
context=system_u:object_r:samba_share_t option but ended up with some
strange behavior.

Per the guidance from the selinux error message, I unmounted the ntfs
partition, issued the chcon command and the selinux type of
/mnt/winxp_data was changed to samba_share_t. When the ntfs partition is
mounted, the type changes to fusefs_t, which then causes selinux to
complain.  I unmount the partition, and the mount point returns to
samba_share_t. I issued the chcon command with the ntfs partition
mounted, but because the files on ntfs don't have extended attributes,
chcon pukes.

I don't want to remove or back away from selinux in enforcing mode.  I
have customers who want to build applications on top of selinux, so the
task at hand is to get smart and make things work with selinux.

Dave McGuffey
Principal Information System Security Engineer // NSA-IEM, NSA-IAM
SAIC, IISBU, Columbia, MD
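
An added example, not part of the original message or of anyone's code in this thread: a shell check that reads fstab-format text and reports which SELinux type a mount point's context= option assigns, which is the override discussed above. The /dev/sda1 and /dev/sda2 devices, the ntfs-3g filesystem type, the :s0 level on the samba entry and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample fstab. Only the ISO line comes from the thread; the two
# ntfs-3g lines (devices, fs type, options) are assumed for illustration.
sample_fstab() {
cat <<'EOF'
# device  mountpoint  fstype  options  dump  pass
/var/local/mirrors/linux/ScientificLinux/5.0/SL-5.0-050407-i386-DVD.iso /mnt/SL5 iso9660 ro,nosuid,nodev,noexec,loop,context=system_u:object_r:httpd_sys_content_t:s0 0 0
/dev/sda1 /mnt/winxp_data ntfs-3g defaults,context=system_u:object_r:samba_share_t:s0 0 0
/dev/sda2 /mnt/other ntfs-3g defaults 0 0
EOF
}

# Read fstab text on stdin and print the SELinux type that the context=
# option assigns to MOUNTPOINT ($1). Exit status 1 if the mount point has
# no entry or its entry carries no context= option.
fstab_context_type() {
    awk -v mp="$1" '
        /^[ \t]*#/ || NF < 4 { next }       # skip comments and short lines
        $2 == mp {
            n = split($4, opt, ",")         # field 4 is the option list
            for (i = 1; i <= n; i++)
                if (opt[i] ~ /^context=/) {
                    ctx = substr(opt[i], 9) # text after "context="
                    gsub(/"/, "", ctx)      # tolerate a quoted value
                    split(ctx, f, ":")      # user:role:type[:level]
                    print f[3]
                    found = 1
                }
            exit
        }
        END { exit !found }
    '
}

# Compare the type from context= with the type the serving daemon needs.
# Usage: check_mount_label MOUNTPOINT EXPECTED_TYPE < fstab
# Returns 0 on match, 1 on mismatch, 2 when no context= override is set.
check_mount_label() {
    got=$(fstab_context_type "$1") || {
        echo "$1: no context= option, the default label for the filesystem applies"
        return 2
    }
    [ "$got" = "$2" ] && { echo "$1: ok ($got)"; return 0; }
    echo "$1: context= gives $got, expected $2"
    return 1
}
```

Run against the live table with `check_mount_label /mnt/winxp_data samba_share_t < /etc/fstab`; the label actually applied to a mounted tree can be compared with `ls -Zd`.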


-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list