[FC4] Selinux, samba and sharing a fat32 partition
Paul Howarth
paul at city-fan.org
Fri Aug 19 16:45:47 UTC 2005
Christoph Wickert wrote:
> Am Freitag, den 19.08.2005, 15:58 +0100 schrieb Paul Howarth:
>
>>I've got one working using:
>>
>>/dev/hda5 /data vfat
>>uid=1012,gid=1001,fscontext=system_u:object_r:samba_share_t 0 0
>>
>
>
> I changed my fstab to
>
> /dev/hda7 /mnt/daten vfat
> rw,utf8,showexec,uid=500,gid=500,fmask=113,dmask=002,fscontext=system_u:object_r:samba_share_t 0 0
>
> but samba access still was denied:
>
> type=AVC msg=audit(1124469125.186:5348079): avc: denied { search } for
> pid=4393 comm="smbd" name=mnt dev=hda3 ino=3335809
> scontext=system_u:system_r:smbd_t tcontext=system_u:object_r:mnt_t
> tclass=dir
I get these too but it doesn't stop me accessing the share...
> so I had to
>
> # chcon -t samba_share_t /mnt/
>
> but I wonder if changing the context of the whole /mnt directory is a
> good solution.
Probably not. If you can actually do everything you want to do, a better
option would be to add a local policy rule:
dontaudit smbd_t mnt_t:dir search;
Paul.
More information about the fedora-list
mailing list