Loading...

fedora-selinux-list@redhat.com

[Prev] Thread [Next]  |  [Prev] Date [Next]

[Fwd: Re: Can't export samba share] max Mon Jul 21 09:01:29 2008

That reply/reply all is a blessing and a curse :^)

-------- Original Message --------
Subject: Re: Can't export samba share
Date: Mon, 21 Jul 2008 11:26:12 -0400
From: max <[EMAIL PROTECTED]>
To: Steve Blackwell <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>

Steve Blackwell wrote:
I have a dual boot F8/XP machine and I want to export, via samba, the
NTFS partition so that I can use it to back up my wife's Vista machine.
It seems that selinux is preventing this from happening. Here is the
summary message from setroubleshoot:

SELinux is preventing the samba daemon from serving r/o local files to
remote clients.
and the Allowing Access section says:

If you want to export file systems using samba you need to turn on the
samba_export_all_ro boolean: "setsebool -P samba_export_all_ro=1". The
following command will allow this access:setsebool -P
samba_export_all_ro=1

There seems to be 2 problems here; 1) The filesystem that I'm trying to
export is read-write not read-only and 2) I have already set
samba_export_all_ro=1. In fact I also set samba_export_all_rw=1 and I
even set samba_run_unconfined=1 and I still get the same messages.

 I would try setting samba_export_all_ro=0, leave samba_export_all_rw=1

Those two settings will conflict and denials should always win out over
allows.

Here is the filesystem I'm trying to export:

# cat /etc/fstab | grep ntfs
/dev/sdb1    /mnt/c_drive    ntfs-3g rw,defaults,umask=0000  0 0

# ls -lZ /mnt
drwxrwxrwx  root root system_u:object_r:fusefs_t:s0 c_drive

Here is the /etc/samba/smb.conf stanza:
[Kellie]
        comment = Winblows backup
        path = /mnt/c_drive
        writable = yes
        browseable = yes
        valid users = Kellie

User Kellie can see the Kellie share from her Vista computer but
whenever she tries to use it, I get an AVC.

# rpm -qa | grep selinux
libselinux-python-2.0.43-1.fc8
selinux-policy-devel-3.0.8-109.fc8
libselinux-devel-2.0.43-1.fc8
selinux-policy-3.0.8-109.fc8
libselinux-2.0.43-1.fc8
selinux-policy-targeted-3.0.8-109.fc8

# uname -sr
Linux 2.6.25.10-47.fc8

I suppose I could go back to permissive mode but I'd like to get this
to work.

Any suggestion?
Thanks,
Steve

--
fedora-selinux-list mailing list
[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/fedora-selinux-list


--
fedora-selinux-list mailing list
[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/fedora-selinux-list