Dawid Gajownik wrote:
Hi!
What's the proper security context of credentials file used by
mount.cifs? samba_selinux did not help me and cifs_t is not what I am
looking for:
audit(1173946014.366:6): avc: denied { read } for pid=2237
comm="mount.cifs" name=".smbcredential-polsl" dev=sda1 ino=2195809
scontext=system_u:system_r:mount_t:s0 tcontext=user_u:object_r:cifs_t:s0
tclass=file
I've got this line in my fstab:
//dionizos/usr /srv/dionizos cifs
credentials=/root/.smbcredential-polsl,uid=gajownik,gid=users,file_mode=0666,dir_mode=0777
0 0
You're probably having problems with trying to read /root before you
even get to the credentials file. What I use is this:
//METROPOLIS/Public\040Data /mnt/samba/public.data cifs
uid=paul,gid=paul,credentials=/etc/samba/smbcredentials.paul,dir_mode=0755,file_mode=0644
0 0
$ ls -lZ /etc/samba
-rw-r--r-- root root system_u:object_r:samba_etc_t lmhosts
-rw------- root root user_u:object_r:samba_secrets_t passdb.tdb
-rw------- root root user_u:object_r:samba_secrets_t secrets.tdb
-rw-r--r-- root root system_u:object_r:samba_etc_t smb.conf
-rw------- root root user_u:object_r:samba_etc_t smbcredentials.paul
-rw-r--r-- root root system_u:object_r:samba_etc_t smbusers
Paul.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
