[Fwd: Re: Can't export samba share]

Steve zephod at cfl.rr.com
Mon Jul 21 16:18:58 UTC 2008 

---- max <maximilianbianco at gmail.com> wrote: 
> CURSES!! If it weren't for those damn kids I would have gotten away with 
> it too...
> 
> -------- Original Message --------
> Subject: Re: Can't export samba share
> Date: Mon, 21 Jul 2008 11:38:06 -0400
> From: max <maximilianbianco at gmail.com>
> To: Steve Blackwell <zephod at cfl.rr.com>
> References: <20080721105041.1fd67e05 at steve.blackwell> 
> <4884AA94.1010409 at gmail.com>
> 
> max wrote:
> > Steve Blackwell wrote:
> >> I have a dual boot F8/XP machine and I want to export, via samba, the
> >> NTFS partition so that I can use it to back up my wife's Vista machine.
> >> It seems that selinux is preventing this from happening. Here is the
> >> summary message from setroubleshoot:
> >>
> >> SELinux is preventing the samba daemon from serving r/o local files to
> >> remote clients.
> >> and the Allowing Access section says:
> >>
> >> If you want to export file systems using samba you need to turn on the
> >> samba_export_all_ro boolean: "setsebool -P samba_export_all_ro=1". The
> >> following command will allow this access:setsebool -P
> >> samba_export_all_ro=1
> >>
> >> There seems to be 2 problems here; 1) The filesystem that I'm trying to
> >> export is read-write not read-only and 2) I have already set
> >> samba_export_all_ro=1. In fact I also set samba_export_all_rw=1 and I
> >> even set samba_run_unconfined=1 and I still get the same messages.
> > 
> >  I would try setting samba_export_all_ro=0, leave samba_export_all_rw=1
> > 
> > Those two settings will conflict and denials should always win out over 
> > allows.

Tried that. No luck.

> Just to be clear. I am saying where two settings conflict a denial
> should not be surprising, it makes good sense, at least to me.
> 
> I am not sure you need samba_run_unconfined here either.

Here is what I have set now:

# getsebool -a | grep samba
samba_domain_controller --> on
samba_enable_home_dirs --> on
samba_export_all_ro --> off
samba_export_all_rw --> on
samba_run_unconfined --> off
samba_share_nfs --> off
use_samba_home_dirs --> on
 
> Checkout man ausearch, this can help pull all the AVC's related to this
> together, it has many search options. It is worth reading.

Will do.

Thanks,
Steve

More information about the fedora-selinux-list mailing list