mount.cifs and credentials file
Paul Howarth
paul at city-fan.org
Fri Mar 16 13:18:42 UTC 2007
Dawid Gajownik wrote:
> On 3/16/07, Paul Howarth <paul at city-fan.org> wrote:
>> You're probably having problems with trying to read /root before you
>> even get to the credentials file. What I use is this:
>
> May I ask you what version of selinux-policy-targeted do you have in
> your system? I changed configuration and still have AVC messages:
>
> audit(1174047007.131:6): avc: denied { read } for pid=2242
> comm="mount.cifs" name="smbcredential-polsl" dev=sda1 ino=131578
> scontext=system_u:system_r:mount_t:s0
> tcontext=user_u:object_r:samba_etc_t:s0 tclass=file
>
> [gajownik at cyklop ~]$ ls -lZ /etc/samba/
> -rw-r--r-- root root system_u:object_r:samba_etc_t lmhosts
> -rw-r--r-- root root system_u:object_r:samba_etc_t smb.conf
> -rw------- root root user_u:object_r:samba_etc_t smbcredential-polsl
> [gajownik at cyklop ~]$
>
> fstab:
> //dionizos/usr /srv/dionizos cifs
> credentials=/etc/samba/smbcredential-polsl,uid=gajownik,gid=users,file_mode=0666,dir
>
> _mode=0777 0 0
>
> selinux-policy-targeted-2.4.6-42.fc6
Curious:
# rpm -q selinux-policy
selinux-policy-2.4.6-42.fc6
I haven't changed my setup for this for a long time though, and it's
been working fine.
Looking at the policy sources, I think it may be working for me because
I have the allow_mount_anyfile boolean set (I have some ISO images
loopback mounted, and needed the boolean set to do that).
Paul.
More information about the fedora-selinux-list
mailing list