-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Daniel B. Thurman wrote: | Stephen Smalley | |Daniel B. Thurman wrote: | |> |You can certainly generate a local policy module that gives | |> |access to fusefs_t, but it would be better if we could get | |> |the context mount option to work. | |> | |> I will try anything you suggest. Let me know if you can | |> resolve this issue, otherwise let me know (in detail) how | |> to write a policy as a last resort? | | | |To generate local policy for this issue, you'd do something like this: | | | |$ su - | |# ausearch -m AVC | grep fuse | audit2allow -M myfuse | |# semodule -i myfuse.pp | | | |Then the fuse-related denials should be allowed. | | Uh, almost. It still will not allow me to chmod or chgrp | the mounted filesystem which means that I cannot write to | the shared NTFS filesystem without assigning the proper | permissions. I have set samba properties to allow writes | but apparently this problem resides with fuse again. Grr. | | What can I do to allow samba shared writes? | | Thanks! | Dan Look for additional AVC's with ausearch You can run the above command another time. You can put the machine into permissive mode and gather all of the AVC messages setenforce 0 Run your test ausearch -m AVC | grep fuse | audit2allow -M myfuse semodule -i myfuse.pp setenforce 1 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkgq58sACgkQrlYvE4MpobPUCwCeOmeEF6ayyczUASCAfMzi05DD j60AnRwY+T5dlMRTJOtzvZcY605JjW+a =hWbq -----END PGP SIGNATURE----- -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
