---- max <maximilianbianco@xxxxxxxxx> wrote: > CURSES!! If it weren't for those damn kids I would have gotten away with > it too... > > -------- Original Message -------- > Subject: Re: Can't export samba share > Date: Mon, 21 Jul 2008 11:38:06 -0400 > From: max <maximilianbianco@xxxxxxxxx> > To: Steve Blackwell <zephod@xxxxxxxxxx> > References: <20080721105041.1fd67e05@xxxxxxxxxxxxxxx> > <4884AA94.1010409@xxxxxxxxx> > > max wrote: > > Steve Blackwell wrote: > >> I have a dual boot F8/XP machine and I want to export, via samba, the > >> NTFS partition so that I can use it to back up my wife's Vista machine. > >> It seems that selinux is preventing this from happening. Here is the > >> summary message from setroubleshoot: > >> > >> SELinux is preventing the samba daemon from serving r/o local files to > >> remote clients. > >> and the Allowing Access section says: > >> > >> If you want to export file systems using samba you need to turn on the > >> samba_export_all_ro boolean: "setsebool -P samba_export_all_ro=1". The > >> following command will allow this access:setsebool -P > >> samba_export_all_ro=1 > >> > >> There seems to be 2 problems here; 1) The filesystem that I'm trying to > >> export is read-write not read-only and 2) I have already set > >> samba_export_all_ro=1. In fact I also set samba_export_all_rw=1 and I > >> even set samba_run_unconfined=1 and I still get the same messages. > > > > I would try setting samba_export_all_ro=0, leave samba_export_all_rw=1 > > > > Those two settings will conflict and denials should always win out over > > allows. Tried that. No luck. > Just to be clear. I am saying where two settings conflict a denial > should not be surprising, it makes good sense, at least to me. > > I am not sure you need samba_run_unconfined here either. Here is what I have set now: # getsebool -a | grep samba samba_domain_controller --> on samba_enable_home_dirs --> on samba_export_all_ro --> off samba_export_all_rw --> on samba_run_unconfined --> off samba_share_nfs --> off use_samba_home_dirs --> on > Checkout man ausearch, this can help pull all the AVC's related to this > together, it has many search options. It is worth reading. Will do. Thanks, Steve -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list