SELinux enforcing, an external ntfs-3g mount, Samba and Fedora 8

[Josef Kubin]

Hello Craig,

Craig Niederberger wrote:
> Hi Fedora SELinux gurus, question from a very perplexed newbie.
> 
> I'm trying to access an external ntfs-3g drive from vmware on Fedora,
> with the drive seen through vmware as a networked samba drive.  I have
> Fedora 8 as the host, VMware Workstation 6.0.2 with Windows XP Pro as
> the guest OS, and SELinux set to enforcing.
> 
> I have the host visible as a networked drive in My Network Places on
> the guest, and can access files in my Fedora 8 home directory, so
> SELinux is at least allowing that.
> 
> The external ntfs-3g drive that I'd like to also access is visible in
> My Network Places on the guest. However, whenever I click on it, I get
> an SELinux AVC Denial, which says SELinux is preventing the samba
> daemon from serving r/o local files to remote clients, and tells me
> that I need to turn on the samba_export_all_ro boolean, which is
> already on.
> 
> The raw audit message that I get in the SELinux popup is:
> avc: denied { read } for comm=smbd dev=sdd1 name=/ pid=4347
> scontext=system_u:system_r:smbd_t:s0 tclass=dir
> tcontext=system_u:object_r:fusefs_t:s0
> 
> I have mounted the ntfs-3g drive so that it matches the ownership of
> my home drive, e.g. the fstab entry is:
> /dev/sdd1 /mnt/media ntfs-3g rw,locale=en_US.utf8,uid=500,gid=1000 0 0

Did you tried to mount your drive with proper context?

/dev/sdd1 /mnt/media ntfs-3g 
rw,locale=en_US.utf8,uid=500,gid=1000,context=system_u:system_r:samba_share_t 
0 0

> $ ls -al media
> total 233
> drwxrwxrwx 1 craign family 4096 2007-12-12 23:04 .
> drwxr-xr-x 6 root root 4096 2007-12-02 14:13 ..
> drwxrwxrwx 1 craign family 0 2007-09-16 11:31 Craig
> ...
> 
> Can anyone help?
> 
> Many TIA,
> Craig
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Cheers,
Josef Kubin