Sorry, I was mistaken.
I set by .fc and made module but failed, so I audit2allowed to allow
smbd_t to read/write mnt_t.
But that was not a good solution, I knew...

Thanks everyone.
I will check semanage fcontext.
I will report if I succeeded.

Thanks !

2010/2/16 Paul Howarth <paul@xxxxxxxxxxxx>:
> On 15/02/10 21:54, Tristan Santore wrote:
>> On 15/02/10 21:44, Shintaro Fujiwara wrote:
>>> Hi, I'm now making server at my office with f12.
>>> I'm moved by how easy SELinux became to configure anything after all
>>> these years.
>>>
>>> I have mounted HDs on /mnt/path or /media/path.
>>>
>>> The HDs are mounted on /mnt/path which reside valuable data inside,
>>> and on /media/path
>>> which has backup tar balls.
>>>
>>> The one on /mnt/path are shared data by samba so that some
>>> organization unit guys can read and write through network.
>>>
>>> First, I set
>>> #chmod 777 /mnt/path
>>> and this is just a test, so it's not controversial.
>>> Second, after I read smb.conf, and I found SELinux configuration
>>> telling to set path to samba_share_t by chcon.
>>> I made it and it was a success, I could read and write from network to
>>> /mnt/path.
>>>
>>> Next, I commanded,
>>> # restorecon -R -v /mnt
>>> and /mnt/path became mnt_t.
>>> In that, I failed both read and write.
>>>
>>> I made local module by audit2allow and installed by semodule -i.
>>> Of course, I restoreconed.
>>> I failed again.
>>>
>>> I did
>>> # touch /.autorelabel
>>> # shutdown -r now
>>>
>>> I failed.
>>>
>>> security context of /mnt/path is still mnt_t.
>>>
>>> How can I set security context of /mnt/path to samba_share_t not using
>>> chcon ?
>
> The module you created using audit2allow will have a .fc file. Add the
> following line to that file:
>
> /mnt/path(/.*)? gen_context(system_u:object_r:samba_share_t,s0)
>
> Then edit the .te file to increase the module version number (the number
> in the policy_module declaration at the top) and rebuild the .pp file.
>
> When you've done that, use "semodule -u" to update the policy module.
>
> You'll then be able to do "restorecon -R -v /mnt/path" and it'll be
> samba_share_t.
>
> Paul.
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>

--
http://intrajp.no-ip.com/ Home Page
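
Added example (not part of the original thread or written by its participants): a shell version of the semanage fcontext route mentioned at the top of this message, using the thread's /mnt/path and samba_share_t. The function names are hypothetical, and it assumes semanage, restorecon and matchpathcon are installed and that label_share is run as root.

```shell
#!/bin/sh
# Added example: persist samba_share_t on a mount point so restorecon keeps it.
# Function names are hypothetical; /mnt/path and samba_share_t come from the thread.

# Build the file-context regex covering a directory and everything below it,
# escaping regex metacharacters that may occur in the path itself.
fc_spec() {
    esc=$(printf '%s\n' "${1%/}" | sed 's/[][\.*+?(){}|^$]/\\&/g')
    printf '%s(/.*)?' "$esc"
}

# Extract the type field from a context such as system_u:object_r:mnt_t:s0.
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Register the local rule, relabel, then confirm that the policy default and
# the on-disk label agree. Run as root.
label_share() {
    dir=$1
    type=${2:-samba_share_t}
    spec=$(fc_spec "$dir")

    # -a adds a local rule; if one already exists for this spec, -m modifies it.
    semanage fcontext -a -t "$type" "$spec" 2>/dev/null ||
        semanage fcontext -m -t "$type" "$spec" || return 1

    restorecon -R -v "$dir" || return 1

    expected=$(ctx_type "$(matchpathcon -n "$dir")")  # what restorecon will apply
    actual=$(ctx_type "$(stat -c %C "$dir")")         # what is on disk now
    if [ "$expected" != "$type" ] || [ "$actual" != "$type" ]; then
        echo "label mismatch on $dir: policy=$expected disk=$actual want=$type" >&2
        return 1
    fi
    echo "$dir is $actual; restorecon and autorelabel will keep it"
}

# Usage (as root): label_share /mnt/path
```

Unlike chcon, the rule is stored in the local file-context customizations, so the label survives restorecon -R and a /.autorelabel reboot, and smbd_t needs no extra allow rule on mnt_t.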