On 15/02/10 21:54, Tristan Santore wrote: > On 15/02/10 21:44, Shintaro Fujiwara wrote: >> Hi, I'm now making server at my office with f12. >> I'm moved by how easy SELinux became to configure anythinng after all >> these years. >> >> I have mounted HDs on /mnt/path or /media/path. >> >> The HDs are mounted on /mnt/path which reside valuable data inside, >> and on /media/path >> which has backup tar balls. >> >> The one on /mnt/path are shared data by samba so that some >> organization unit guys can read and write through network. >> >> First,I set >> #chmod 777 /mnt/path >> and this is just a test, so it's not controversial. >> Second, after I read smb.conf, and I found SELinux configuration >> telling to set path to samba_share_t by chcon. >> I made it and it was a success, I could read and write from network to >> /mnt/path. >> >> Next, I commanded, >> # restorecon -R -v /mnt >> and /mnt/path became mnt_t. >> In that, I failed both read nor write. >> >> I made local module by audit2allow and installed by semodule -i. >> Of course, I restoreconed. >> I failed again. >> >> I did >> # touch /.autorelabel >> # shutdown -r now >> >> I failed. >> >> security context of /mnt/path is still mnt_t. >> >> How can I set security context of /mnt/path to samba_share_t not using >> chcon ? The module you created using audit2allow will have a .fc file. Add the following line to that file: /mnt/path(/.*)? gen_context(system_u:object_r:samba_share_t,s0) Then edit the .te file to increase the module version number (the number in the policy_module declaration at the top) and rebuild the .pp file. When you've done that, use "semodule -u" to update the policy module. You'll then be able to do "restorecon -R -v /mnt/path" and it'll be samba_share_t. Paul. -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
