Can't export samba share

Steve Blackwell zephod at cfl.rr.com
Fri Jul 25 23:27:11 UTC 2008 

I've been out of town for a few days but there were no new postings
while I was away and I still don't have a solution for this.

Steve Blackwell wrote: 
> I have a dual boot F8/XP machine and I want to export, via samba, the 
> NTFS partition so that I can use it to back up my wife's Vista
> machine. It seems that selinux is preventing this from happening.
> Here is the summary message from setroubleshoot: 
> 
> SELinux is preventing the samba daemon from serving r/o local files
> to remote clients. 
> 
> and the Allowing Access section says: 
> 
> If you want to export file systems using samba you need to turn on
> the samba_export_all_ro boolean: "setsebool -P
> samba_export_all_ro=1". The following command will allow this
> access:setsebool -P samba_export_all_ro=1 
> 
> There seems to be 2 problems here; 1) The filesystem that I'm trying
> to export is read-write not read-only and 2) I have already set 
> samba_export_all_ro=1. In fact I also set samba_export_all_rw=1 and I 
> even set samba_run_unconfined=1 and I still get the same messages. 
> 
> Here is the filesystem I'm trying to export: 
> 
> # cat /etc/fstab | grep ntfs 
> /dev/sdb1    /mnt/c_drive    ntfs-3g rw,defaults,umask=0000  0 0 
> 
> # ls -lZ /mnt 
> drwxrwxrwx  root root system_u:object_r:fusefs_t:s0 c_drive 
> 
> Here is the /etc/samba/smb.conf stanza: 
> [Kellie] 
>         comment = Winblows backup 
>         path = /mnt/c_drive 
>         writable = yes 
>         browseable = yes 
>         valid users = Kellie 
> 
> User Kellie can see the Kellie share from her Vista computer but 
> whenever she tries to use it, I get an AVC. 
> 
> # rpm -qa | grep selinux 
> libselinux-python-2.0.43-1.fc8 
> selinux-policy-devel-3.0.8-109.fc8 
> libselinux-devel-2.0.43-1.fc8 
> selinux-policy-3.0.8-109.fc8 
> libselinux-2.0.43-1.fc8 
> selinux-policy-targeted-3.0.8-109.fc8 
> 
> # uname -sr 
> Linux 2.6.25.10-47.fc8 
> 
> I suppose I could go back to permissive mode but I'd like to get this 
> to work. 
> 
> Any suggestion? 
> Thanks, 
> Steve

More information about the fedora-selinux-list mailing list