[Fwd: Re: Can't export samba share]

max maximilianbianco at gmail.com
Mon Jul 21 15:40:06 UTC 2008 

That reply/reply all is a blessing and a curse :^)

-------- Original Message --------
Subject: Re: Can't export samba share
Date: Mon, 21 Jul 2008 11:26:12 -0400
From: max <maximilianbianco at gmail.com>
To: Steve Blackwell <zephod at cfl.rr.com>
References: <20080721105041.1fd67e05 at steve.blackwell>

Steve Blackwell wrote:
> I have a dual boot F8/XP machine and I want to export, via samba, the
> NTFS partition so that I can use it to back up my wife's Vista machine.
> It seems that selinux is preventing this from happening. Here is the
> summary message from setroubleshoot:
> 
> SELinux is preventing the samba daemon from serving r/o local files to
> remote clients. 
> 
> and the Allowing Access section says:
> 
> If you want to export file systems using samba you need to turn on the
> samba_export_all_ro boolean: "setsebool -P samba_export_all_ro=1". The
> following command will allow this access:setsebool -P
> samba_export_all_ro=1
> 
> There seems to be 2 problems here; 1) The filesystem that I'm trying to
> export is read-write not read-only and 2) I have already set
> samba_export_all_ro=1. In fact I also set samba_export_all_rw=1 and I
> even set samba_run_unconfined=1 and I still get the same messages.

  I would try setting samba_export_all_ro=0, leave samba_export_all_rw=1

Those two settings will conflict and denials should always win out over
allows.
> 
> Here is the filesystem I'm trying to export:
> 
> # cat /etc/fstab | grep ntfs
> /dev/sdb1    /mnt/c_drive    ntfs-3g rw,defaults,umask=0000  0 0
> 
> # ls -lZ /mnt
> drwxrwxrwx  root root system_u:object_r:fusefs_t:s0 c_drive
> 
> Here is the /etc/samba/smb.conf stanza:
> [Kellie]
>         comment = Winblows backup
>         path = /mnt/c_drive
>         writable = yes
>         browseable = yes
>         valid users = Kellie
> 
> User Kellie can see the Kellie share from her Vista computer but
> whenever she tries to use it, I get an AVC.
> 
> # rpm -qa | grep selinux
> libselinux-python-2.0.43-1.fc8
> selinux-policy-devel-3.0.8-109.fc8
> libselinux-devel-2.0.43-1.fc8
> selinux-policy-3.0.8-109.fc8
> libselinux-2.0.43-1.fc8
> selinux-policy-targeted-3.0.8-109.fc8
> 
> # uname -sr
> Linux 2.6.25.10-47.fc8
> 
> I suppose I could go back to permissive mode but I'd like to get this
> to work.
> 
> Any suggestion?
> Thanks,
> Steve
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

More information about the fedora-selinux-list mailing list