Re: SELinux enforcing, an external ntfs-3g mount, Samba and Fedora 8

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chris Danezis wrote:
> I am facing the exact same issues, not only when dealing with ntfs-3g
> drives, but with my RAID hard drive and my external drive also (both mounted
> as vfat). I went through all the aforementioned steps and I still haven't
> managed to resolve the issue.
> 
> On Dec 17, 2007 1:27 AM, Craig Niederberger <craignied@xxxxxxxxx> wrote:
> 
>> sudo /usr/sbin/setsebool -P samba_run_unconfined 1
>>
>> Strangely, exactly the same AVC denial.  Anything else I can try,
>> short of turning off SELinux, which I'd prefer not to do?
>>
>> Many thanks,
>> Craig
>>
>> On Dec 16, 2007 11:09 AM, Josef Kubin <jkubin@xxxxxxxxxx> wrote:
>>> Hi, it looks that you rediscovered a bug ...
>>>
>>> Craig Niederberger wrote:
>>>> Thanks for answering my post, Josef.  Unfortunately, I'm getting
>>>> exactly the same AVC denial and message when trying to access the
>>>> drive from vmware.  The odd thing is, I can access my home directory
>>>> from vmware without problem.  The /etc/fstab entry now reads:
>>>>
>>>> /dev/sdd1 /mnt/media ntfs-3g
>>>>
>> rw,locale=en_US.utf8,uid=500,gid=1000,context=system_u:system_r:samba_share_t
>>>> 0 0
>>> I've tried to a little bit investigate things,
>>> in this case the forced context is completely ignored ...
>>>
>>> [root@localhost vmware]# ls -Z /mnt/
>>> drwxr-xr-x  root root system_u:object_r:mnt_t:s0       foo
>>>
>>> [root@localhost vmware]# mount -t ntfs-3g -o
>>> loop,offset=32256,context=blabla ntfsImg-flat /mnt/foo/
>>>
>>> [root@localhost vmware]# ls -Z /mnt/
>>> drwxrwxrwx  root root system_u:object_r:fusefs_t:s0    foo
>>>
>>> [root@localhost vmware]# umount /mnt/foo/
>>>
>>> [root@localhost vmware]# mount -t ntfs-3g -o
>>> context=blabla:bleble:blabla,loop,offset=32256 ntfsImg-flat /mnt/foo/
>>>
>>> [root@localhost vmware]# ls -Z /mnt/
>>> drwxrwxrwx  root root system_u:object_r:fusefs_t:s0    foo
>>>
>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>
>>> But not in this case.
>>>
>>> [root@localhost vmware]# cat /dev/zero > file
>>> [root@localhost vmware]# mkfs.ext3 file
>>> ...
>>> [root@localhost vmware]# mount -o
>>> loop,context=system_u:object_r:httpd_sys_content_t:s0 file /mnt/foo/
>>>
>>> [root@localhost vmware]# ls -Z /mnt/
>>> drwxr-xr-x  root root system_u:object_r:httpd_sys_content_t:s0 foo
>>>
>>> Similar bug(s) has been already reported.
>>> https://bugzilla.redhat.com/show_bug.cgi?id=216846
>>>
>>>
>>> Following command should help :-(
>>>
>>> # setsebool -P samba_run_unconfined 1
>>>
>>> Bye.
>>> Josef
>>>
>>>
>>>
>> --
>> fedora-selinux-list mailing list
>> fedora-selinux-list@xxxxxxxxxx
>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>
> 
> 
> ------------------------------------------------------------------------
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
You can update your policy to allow this

# grep fusefs_t /var/log/audit/audit.log | audit2allow -M mysamba
# semodule -i mysamba.pp

Then please open a bugzilla on this.  It might be a kernel problem.   Or
we can fix it in policy.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkd5WGAACgkQrlYvE4MpobOkHQCgomIisTsODRTk7fZhawRTNUtK
zDQAoNJN/8ipYiE0WrqElrQIE8AUhqFJ
=MygV
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux