[Fwd: Re: Can't export samba share]

[max <maximilianbianco gmail com>]

CURSES!! If it weren't for those damn kids I would have gotten away with 
it too...

-------- Original Message --------
Subject: Re: Can't export samba share
Date: Mon, 21 Jul 2008 11:38:06 -0400
From: max <maximilianbianco gmail com>
To: Steve Blackwell <zephod cfl rr com>
References: <20080721105041 1fd67e05 steve blackwell> 
<4884AA94 1010409 gmail com>

max wrote:
> Steve Blackwell wrote:
> > I have a dual boot F8/XP machine and I want to export, via samba, the
> > NTFS partition so that I can use it to back up my wife's Vista machine.
> > It seems that selinux is preventing this from happening. Here is the
> > summary message from setroubleshoot:
> >
> > SELinux is preventing the samba daemon from serving r/o local files to
> > remote clients.
> > and the Allowing Access section says:
> >
> > If you want to export file systems using samba you need to turn on the
> > samba_export_all_ro boolean: "setsebool -P samba_export_all_ro=1". The
> > following command will allow this access:setsebool -P
> > samba_export_all_ro=1
> >
> > There seems to be 2 problems here; 1) The filesystem that I'm trying to
> > export is read-write not read-only and 2) I have already set
> > samba_export_all_ro=1. In fact I also set samba_export_all_rw=1 and I
> > even set samba_run_unconfined=1 and I still get the same messages.
>
>  I would try setting samba_export_all_ro=0, leave samba_export_all_rw=1
>
> Those two settings will conflict and denials should always win out over 
> allows.

Just to be clear. I am saying where two settings conflict a denial
should not be surprising, it makes good sense, at least to me.

I am not sure you need samba_run_unconfined here either.

Checkout man ausearch, this can help pull all the AVC's related to this
together, it has many search options. It is worth reading.


Max

--
Fortune favors the BOLD