|
Hi, I have F8 and every time to I try to access remotely or locally NTFS filesystems that shared via Samba I get a warning (at the end of this mesage) from SELinux troubleshooter and can't access the share. I have tried to mount the filesystem with different context's but none of them seem to do anything. The shares worked with previous version of Fedora (F7). I have tried to mount the NTFS volume doing the following to change it context: * mount -t ntfs-3g /dev/sda1 /mnt/petteri-c -o context=system_u:system_r:smbd_t * mount -t ntfs-3g /dev/sda1 /mnt/petteri-c -o context=system_u:object_r:smbd_t * mount -t ntfs-3g /dev/sda1 /mnt/petteri-c -o fscontext=system_u:object_r:samba_share_t and various other mount options such as defcontext= and changed the context=, fscontext=, and defcontext= parameter values. But the context stays the same (ls --lcontext): drwxrwxrwx 1 system_u:object_r:fusefs_t root root 12288 2007-12-12 21:13 petteri-c So how I am going tho get SELinux to allow Samba to share mounted NTFS filesystem? (Sorry about the newbie question :( and possibly bad english). SELinux is enforcing/targetted and all the booleans that refer to smbd are checked allow from SELinux Administration. Summary SELinux is preventing samba (smbd) "read" to <Unknown> (fusefs_t). Detailed Description SELinux denied samba access to <Unknown>. If you want to share this directory with samba it has to have a file context label of samba_share_t. If you did not intend to use <Unknown> as a samba repository it could indicate either a bug or it could signal a intrusion attempt. Allowing Access You can alter the file context by executing chcon -R -t samba_share_t <Unknown> You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t samba_share_t <Unknown>" The following command will allow this access: chcon -R -t samba_share_t <Unknown> Additional Information Source Context system_u:system_r:smbd_t Target Context system_u:object_r:fusefs_t Target Objects None [ dir ] Affected RPM Packages Policy RPM selinux-policy-3.0.8-64.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.samba_share Host Name petteri Platform Linux petteri 2.6.23.8-63.fc8 #1 SMP Wed Nov 21 18:51:08 EST 2007 i686 athlon Alert Count 126 First Seen ke 14. marraskuuta 2007 15:57:05 Last Seen to 13. joulukuuta 2007 07:13:17 Local ID 2f2fd1b5-757e-4b37-a44f-eb76e86a81c2 Line Numbers Raw Audit Messages avc: denied { read } for comm=smbd dev=sda1 name=/ pid=21782 scontext=system_u:system_r:smbd_t:s0 tclass=dir tcontext=system_u:object_r:fusefs_t:s0 |
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
