> You have /root on this share? Interesting. I'm not sure you can do > what I describe below in /root. No I don't. That's what the avc output says. I have no idea why it says that - I guess it prints the path relative to the volume mount point, not to the global /. > > Try relabeling the portions of /data that you want to have > user_home_dir_t and user_home_t: > > chcon -t user_home_dir_t /data/smb > cd /data/smb > chcon -R -r user_home_t ./* That sounds like a hack. This isn't a home directory so why should I label it as such. It's a bunch of common files. In addition to that I want home directories under /home. Since smbd currently fails to read even those, how would labeling /data user_home_t help? ============= Part of the problem in my mind is that I do not know what the SElinux types are, which ones I need to do what I want, and how to add new ones to perform this simple task. Consider traditional UNIX permissions. There's a straightforward procedure for doing what I want. I create a group called data. I put whoever I want in it (user1, user2, user3, httpd..). Then I chgrp /data with that. Nice and simple. I forget what smbd does - I think it checks to see if the UNIX user that you're logged in with has access to that folder. What's the SElinux equivalent? -- Ivan Gyurdiev <ivg2@xxxxxxxxxxx> Cornell University
