Dawid Gajownik wrote:
On 3/16/07, Paul Howarth <paul@xxxxxxxxxxxx> wrote:
You're probably having problems with trying to read /root before you
even get to the credentials file. What I use is this:
May I ask you what version of selinux-policy-targeted do you have in
your system? I changed configuration and still have AVC messages:
audit(1174047007.131:6): avc: denied { read } for pid=2242
comm="mount.cifs" name="smbcredential-polsl" dev=sda1 ino=131578
scontext=system_u:system_r:mount_t:s0
tcontext=user_u:object_r:samba_etc_t:s0 tclass=file
[gajownik@cyklop ~]$ ls -lZ /etc/samba/
-rw-r--r-- root root system_u:object_r:samba_etc_t lmhosts
-rw-r--r-- root root system_u:object_r:samba_etc_t smb.conf
-rw------- root root user_u:object_r:samba_etc_t smbcredential-polsl
[gajownik@cyklop ~]$
fstab:
//dionizos/usr /srv/dionizos cifs
credentials=/etc/samba/smbcredential-polsl,uid=gajownik,gid=users,file_mode=0666,dir
_mode=0777 0 0
selinux-policy-targeted-2.4.6-42.fc6
Curious:
# rpm -q selinux-policy
selinux-policy-2.4.6-42.fc6
I haven't changed my setup for this for a long time though, and it's
been working fine.
Looking at the policy sources, I think it may be working for me because
I have the allow_mount_anyfile boolean set (I have some ISO images
loopback mounted, and needed the boolean set to do that).
Paul.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
