Problem with samba mounts via fstab and credentials option
Paul Howarth
paul at city-fan.org
Fri Jan 11 10:07:10 UTC 2008
Dan Thurman wrote:
> On Thursday 10 January 2008 05:06:51 pm Daniel B. Thurman wrote:
>> When one adds a samba share via /etc/fstab and using as an entry:
>> credentials=/etc/share/auth.smb in the options field
>> This file contains sensitive username/password data, has a samba_etc_t type
>> but on reboot, SELinux does not allow the mount.cifs program to read fstab
>> entries containing the credentials mount options and produces an error 13
>> message during the loading of the services. The result is that the mount
>> has failed and must be remounted manually as a root user after the system
>> comes up.
>> The logs show:
>> type=AVC msg=audit(1200012700.796:14): avc: denied { read } for
>> pid=2528 comm="mount.cifs" name="auth.smb" dev=sda5 ino=788340
>> scontext=system_u:system_r:mount_t:s0
>> tcontext=system_u:object_r:samba_etc_t:s0 tclass=file
>> Should I simply attempt to chcon -t mount_t /etc/samba.auth.smb or should
>> this be handled differently?
>> Thanks-
>> Dan
>
> Oops. It should have said: /etc/samba/auth.smb
Try setting the allow_mount_anyfile boolean.
# setsebool -P allow_mount_anyfile 1
Paul.
More information about the fedora-selinux-list
mailing list