Can't export samba share

Daniel J Walsh dwalsh at redhat.com
Wed Jul 30 18:47:44 UTC 2008 

max bianco wrote:
> On Sat, Jul 26, 2008 at 2:25 PM, Steve Blackwell <zephod at cfl.rr.com> wrote:
>>> On Fri, Jul 25, 2008 at 7:27 PM, Steve Blackwell <zephod at cfl.rr.com>
>>> wrote:
>>>> I've been out of town for a few days but there were no new postings
>>>> while I was away and I still don't have a solution for this.
>>>>
>>> Might I suggest posting the AVC's so that everyone can see what is
>>> going on.\
>> I'm going to give it one more day and after that I'm going to have to
>> turn selinux off.
>>
> This seems a bit extreme. Have you tried looking at the tools
> available to help you?
> audit2why and audit2allow
> I have used these in the past to help me resolve my issues. It would
> help if you could say you had tried these, if you could at least show
> the output they provide you. I will help you as much as I can because
> I am interested in learning more, getting others to help is usually
> easier if they can see you are trying to resolve it yourself rather
> than relying on them to just provide an easy answer which incidentally
> will teach you nothing.
> 
> 
>> This is from audit.log:
>>
>> type=AVC msg=audit(1217030414.315:34): avc:  denied  { read } for
>> pid=7099 comm="smbd" name="/" dev=sdb1 ino=5
>> scontext=system_u:system_r:smbd_t:s0
>> tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
>>
> This says that smbd is being denied the read permission for files of
> the type fusefs
> the _t is a convention that says "This is a type"
> 
> So you need a rule that allows smbd_t to read fusefs_t.
> So try something like this:
> 
> ausearch -a 34 | audit2allow
> 
> what this will do is search the audit log for all the AVC's related to
> this particular instance of smbd attempting its read access and feed
> them to audit2allow. Audit2allow will generate some rule(s) based on
> these AVC's. It doesn't mean you should blindly implement them but if
> you can show the output , it can help in the process of fixing the
> denial, if nothing else it will show the more experienced hands that
> you have used the tools provided to at least try. You could substitute
> audit2why in place of audit2allow and it will attempt to explain what
> caused the denial. Can you post this to the list?
> 
> -Max
> 
> 
Sorry I was away at OLS last week and am just getting back though the
emails.

What OS are you running?

samba_share_fusefs is a boolean in Fedora 9 and Rawhide that allows the
sharing of fusefs file systems in samba with selinux.

setsebool -P samba_share_fusefs 1

More information about the fedora-selinux-list mailing list