Samba shares...

Daniel J Walsh dwalsh at
Wed May 14 13:23:23 UTC 2008

Hash: SHA1

Daniel B. Thurman wrote:
| Stephen Smalley
| |Daniel B. Thurman wrote:
| |> |You can certainly generate a local policy module that gives
| |> |access to fusefs_t, but it would be better if we could get
| |> |the context mount option to work.
| |>
| |> I will try anything you suggest.  Let me know if you can
| |> resolve this issue, otherwise let me know (in detail) how
| |> to write a policy as a last resort?
| |
| |To generate local policy for this issue, you'd do something like this:
| |
| |$ su -
| |# ausearch -m AVC | grep fuse | audit2allow -M myfuse
| |# semodule -i myfuse.pp
| |
| |Then the fuse-related denials should be allowed.
| Uh, almost.  It still will not allow me to chmod or chgrp
| the mounted filesystem which means that I cannot write to
| the shared NTFS filesystem without assigning the proper
| permissions. I have set samba properties to allow writes
| but apparently this problem resides with fuse again. Grr.
| What can I do to allow samba shared writes?
| Thanks!
| Dan
Look for additional AVC's with ausearch

You can run the above command another time.

You can put the machine into permissive mode and gather all of the AVC

setenforce 0
Run your test
ausearch -m AVC | grep fuse | audit2allow -M myfuse
semodule -i myfuse.pp
setenforce 1
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora -


More information about the fedora-selinux-list mailing list