Re: Giving httpd access to a mounted NTFS volume

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/09/2010 07:46 AM, Chris Lopes wrote:
> Hi,
> 
> I am using selinux under Fedora 10 (2.6.27.37).
> I have Apache httpd running, and I would like it to be able to serve requests 
> for files which are on a mounted NTFS volume.
> 
First off, please update to a Fedora Release that is supported F12, F13,
F14.


> I have tried to mount the volume with an appropriate context:
> mount -o context=system_u:object_r:httpd_sys_content_t:s0 /dev/somedevice 
> /mnt/somemountpoint
> 
> But the resulting context on files within the mount is 
> still: system_u:object_r:fusefs_t:s0
Open a bug on this, again on an OS that is supported.

I would just add allow rules using audit2allow for now.

# grep http /var/log/audit/audit.log | audit2allow -M myhttp
# semodule -i myhttp.pp

> The mount itself doesn't generate any noteworthy warnings/errors in my logs.
> So of course seliux disallows apache to read the files and generates 
> corresponding denials in my logs.
> No other partition on this device is already mounted.
> 
> Is this a known bug?
> Others seem to have similar issues:
> http://old.nabble.com/mounting-nfs-as-httpd_sys_content_t-under-selinux-td14230083.html
> 
> http://forums.fedoraforum.org/archive/index.php/t-246937.html
> http://old.nabble.com/SELinux-enforcing,-an-external-ntfs-3g-mount,-Samba-and-Fedora-8-td14356238.html
> 
> 
> I guess an alternative is to create a policy that tells selinux to allow httpd 
> to read fuse files, as is described here:
> https://bugzilla.redhat.com/show_bug.cgi?id=631616#c2
> 
> Any ideas?
> 
> Thanks
> 
> 
>       
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkyIzKEACgkQrlYvE4MpobM3XwCfaRvhpwGXloNJ5WHU59HVb3sO
1WUAoIFK6U7TAFcc8EY4UI0yJFlib/zW
=G6S8
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux