Re: mount.cifs and credentials file

[Paul Howarth <paul city-fan org>]

Dawid Gajownik wrote:
> Hi!
>     What's the proper security context of credentials file used by 
> mount.cifs? samba_selinux did not help me and cifs_t is not what I am 
> looking for:
>
> audit(1173946014.366:6): avc:  denied  { read } for  pid=2237 
> comm="mount.cifs" name=".smbcredential-polsl" dev=sda1 ino=2195809 
> scontext=system_u:system_r:mount_t:s0 tcontext=user_u:object_r:cifs_t:s0 
> tclass=file
>
> I've got this line in my fstab:
>
> //dionizos/usr /srv/dionizos          cifs 
> credentials=/root/.smbcredential-polsl,uid=gajownik,gid=users,file_mode=0666,dir_mode=0777 
> 0 0

You're probably having problems with trying to read /root before you 
even get to the credentials file. What I use is this:

//METROPOLIS/Public\040Data  /mnt/samba/public.data     cifs 
uid=paul,gid=paul,credentials=/etc/samba/smbcredentials.paul,dir_mode=0755,file_mode=0644 
0 0

$ ls -lZ /etc/samba
-rw-r--r--  root root system_u:object_r:samba_etc_t    lmhosts
-rw-------  root root user_u:object_r:samba_secrets_t  passdb.tdb
-rw-------  root root user_u:object_r:samba_secrets_t  secrets.tdb
-rw-r--r--  root root system_u:object_r:samba_etc_t    smb.conf
-rw-------  root root user_u:object_r:samba_etc_t      smbcredentials.paul
-rw-r--r--  root root system_u:object_r:samba_etc_t    smbusers

Paul.