SELinux enforcing, an external ntfs-3g mount, Samba and Fedora 8
Craig Niederberger
craignied at gmail.com
Sat Dec 15 23:12:33 UTC 2007
Hi Fedora SELinux gurus, question from a very perplexed newbie.
I'm trying to access an external ntfs-3g drive from vmware on Fedora,
with the drive seen through vmware as a networked samba drive. I have
Fedora 8 as the host, VMware Workstation 6.0.2 with Windows XP Pro as
the guest OS, and SELinux set to enforcing.
I have the host visible as a networked drive in My Network Places on
the guest, and can access files in my Fedora 8 home directory, so
SELinux is at least allowing that.
The external ntfs-3g drive that I'd like to also access is visible in
My Network Places on the guest. However, whenever I click on it, I get
an SELinux AVC Denial, which says SELinux is preventing the samba
daemon from serving r/o local files to remote clients, and tells me
that I need to turn on the samba_export_all_ro boolean, which is
already on.
The raw audit message that I get in the SELinux popup is:
avc: denied { read } for comm=smbd dev=sdd1 name=/ pid=4347
scontext=system_u:system_r:smbd_t:s0 tclass=dir
tcontext=system_u:object_r:fusefs_t:s0
I have mounted the ntfs-3g drive so that it matches the ownership of
my home drive, e.g. the fstab entry is:
/dev/sdd1 /mnt/media ntfs-3g rw,locale=en_US.utf8,uid=500,gid=1000 0 0
$ ls -al media
total 233
drwxrwxrwx 1 craign family 4096 2007-12-12 23:04 .
drwxr-xr-x 6 root root 4096 2007-12-02 14:13 ..
drwxrwxrwx 1 craign family 0 2007-09-16 11:31 Craig
...
Can anyone help?
Many TIA,
Craig
More information about the fedora-selinux-list
mailing list