-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chris Danezis wrote: > I am facing the exact same issues, not only when dealing with ntfs-3g > drives, but with my RAID hard drive and my external drive also (both mounted > as vfat). I went through all the aforementioned steps and I still haven't > managed to resolve the issue. > > On Dec 17, 2007 1:27 AM, Craig Niederberger <craignied@xxxxxxxxx> wrote: > >> sudo /usr/sbin/setsebool -P samba_run_unconfined 1 >> >> Strangely, exactly the same AVC denial. Anything else I can try, >> short of turning off SELinux, which I'd prefer not to do? >> >> Many thanks, >> Craig >> >> On Dec 16, 2007 11:09 AM, Josef Kubin <jkubin@xxxxxxxxxx> wrote: >>> Hi, it looks that you rediscovered a bug ... >>> >>> Craig Niederberger wrote: >>>> Thanks for answering my post, Josef. Unfortunately, I'm getting >>>> exactly the same AVC denial and message when trying to access the >>>> drive from vmware. The odd thing is, I can access my home directory >>>> from vmware without problem. The /etc/fstab entry now reads: >>>> >>>> /dev/sdd1 /mnt/media ntfs-3g >>>> >> rw,locale=en_US.utf8,uid=500,gid=1000,context=system_u:system_r:samba_share_t >>>> 0 0 >>> I've tried to a little bit investigate things, >>> in this case the forced context is completely ignored ... >>> >>> [root@localhost vmware]# ls -Z /mnt/ >>> drwxr-xr-x root root system_u:object_r:mnt_t:s0 foo >>> >>> [root@localhost vmware]# mount -t ntfs-3g -o >>> loop,offset=32256,context=blabla ntfsImg-flat /mnt/foo/ >>> >>> [root@localhost vmware]# ls -Z /mnt/ >>> drwxrwxrwx root root system_u:object_r:fusefs_t:s0 foo >>> >>> [root@localhost vmware]# umount /mnt/foo/ >>> >>> [root@localhost vmware]# mount -t ntfs-3g -o >>> context=blabla:bleble:blabla,loop,offset=32256 ntfsImg-flat /mnt/foo/ >>> >>> [root@localhost vmware]# ls -Z /mnt/ >>> drwxrwxrwx root root system_u:object_r:fusefs_t:s0 foo >>> >>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>> >>> But not in this case. >>> >>> [root@localhost vmware]# cat /dev/zero > file >>> [root@localhost vmware]# mkfs.ext3 file >>> ... >>> [root@localhost vmware]# mount -o >>> loop,context=system_u:object_r:httpd_sys_content_t:s0 file /mnt/foo/ >>> >>> [root@localhost vmware]# ls -Z /mnt/ >>> drwxr-xr-x root root system_u:object_r:httpd_sys_content_t:s0 foo >>> >>> Similar bug(s) has been already reported. >>> https://bugzilla.redhat.com/show_bug.cgi?id=216846 >>> >>> >>> Following command should help :-( >>> >>> # setsebool -P samba_run_unconfined 1 >>> >>> Bye. >>> Josef >>> >>> >>> >> -- >> fedora-selinux-list mailing list >> fedora-selinux-list@xxxxxxxxxx >> https://www.redhat.com/mailman/listinfo/fedora-selinux-list >> > > > ------------------------------------------------------------------------ > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-selinux-list You can update your policy to allow this # grep fusefs_t /var/log/audit/audit.log | audit2allow -M mysamba # semodule -i mysamba.pp Then please open a bugzilla on this. It might be a kernel problem. Or we can fix it in policy. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkd5WGAACgkQrlYvE4MpobOkHQCgomIisTsODRTk7fZhawRTNUtK zDQAoNJN/8ipYiE0WrqElrQIE8AUhqFJ =MygV -----END PGP SIGNATURE----- -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
