mount.cifs and credentials file

Paul Howarth paul at city-fan.org
Fri Mar 16 13:18:42 UTC 2007


Dawid Gajownik wrote:
> On 3/16/07, Paul Howarth <paul at city-fan.org> wrote:
>> You're probably having problems with trying to read /root before you
>> even get to the credentials file. What I use is this:
> 
> May I ask you what version of selinux-policy-targeted do you have in
> your system? I changed configuration and still have AVC messages:
> 
> audit(1174047007.131:6): avc:  denied  { read } for  pid=2242
> comm="mount.cifs" name="smbcredential-polsl" dev=sda1 ino=131578
> scontext=system_u:system_r:mount_t:s0
> tcontext=user_u:object_r:samba_etc_t:s0 tclass=file
> 
> [gajownik at cyklop ~]$ ls -lZ /etc/samba/
> -rw-r--r--  root root system_u:object_r:samba_etc_t    lmhosts
> -rw-r--r--  root root system_u:object_r:samba_etc_t    smb.conf
> -rw-------  root root user_u:object_r:samba_etc_t      smbcredential-polsl
> [gajownik at cyklop ~]$
> 
> fstab:
> //dionizos/usr /srv/dionizos          cifs
> credentials=/etc/samba/smbcredential-polsl,uid=gajownik,gid=users,file_mode=0666,dir 
> 
> _mode=0777 0 0
> 
> selinux-policy-targeted-2.4.6-42.fc6

Curious:

# rpm -q selinux-policy
selinux-policy-2.4.6-42.fc6

I haven't changed my setup for this for a long time though, and it's 
been working fine.

Looking at the policy sources, I think it may be working for me because 
I have the allow_mount_anyfile boolean set (I have some ISO images 
loopback mounted, and needed the boolean set to do that).

Paul.




More information about the fedora-selinux-list mailing list