Daniel J Walsh
dwalsh at redhat.com
Wed May 14 13:23:23 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Daniel B. Thurman wrote:
| Stephen Smalley
| |Daniel B. Thurman wrote:
| |> |You can certainly generate a local policy module that gives
| |> |access to fusefs_t, but it would be better if we could get
| |> |the context mount option to work.
| |> I will try anything you suggest. Let me know if you can
| |> resolve this issue, otherwise let me know (in detail) how
| |> to write a policy as a last resort?
| |To generate local policy for this issue, you'd do something like this:
| |$ su -
| |# ausearch -m AVC | grep fuse | audit2allow -M myfuse
| |# semodule -i myfuse.pp
| |Then the fuse-related denials should be allowed.
| Uh, almost. It still will not allow me to chmod or chgrp
| the mounted filesystem which means that I cannot write to
| the shared NTFS filesystem without assigning the proper
| permissions. I have set samba properties to allow writes
| but apparently this problem resides with fuse again. Grr.
| What can I do to allow samba shared writes?
Look for additional AVC's with ausearch
You can run the above command another time.
You can put the machine into permissive mode and gather all of the AVC
Run your test
ausearch -m AVC | grep fuse | audit2allow -M myfuse
semodule -i myfuse.pp
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list