Samba shares...

Daniel B. Thurman dant at
Wed May 14 20:47:47 UTC 2008

Daniel J Walsh wrote:
|Daniel B. Thurman wrote:
|| Stephen Smalley
|| |Daniel B. Thurman wrote:
|| |> |You can certainly generate a local policy module that gives
|| |> |access to fusefs_t, but it would be better if we could get
|| |> |the context mount option to work.
|| |>
|| |> I will try anything you suggest.  Let me know if you can
|| |> resolve this issue, otherwise let me know (in detail) how
|| |> to write a policy as a last resort?
|| |
|| |To generate local policy for this issue, you'd do something 
|like this:
|| |
|| |$ su -
|| |# ausearch -m AVC | grep fuse | audit2allow -M myfuse
|| |# semodule -i myfuse.pp
|| |
|| |Then the fuse-related denials should be allowed.
|| Uh, almost.  It still will not allow me to chmod or chgrp
|| the mounted filesystem which means that I cannot write to
|| the shared NTFS filesystem without assigning the proper
|| permissions. I have set samba properties to allow writes
|| but apparently this problem resides with fuse again. Grr.
|| What can I do to allow samba shared writes?
|Look for additional AVC's with ausearch
|You can run the above command another time.
|You can put the machine into permissive mode and gather all of the AVC
|setenforce 0
|Run your test
|ausearch -m AVC | grep fuse | audit2allow -M myfuse
|semodule -i myfuse.pp
|setenforce 1

Yup!  That worked!

Thanks, Dan!


More information about the fedora-selinux-list mailing list