SCIENTIFIC-LINUX-USERS Archives

March 2016

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: samba and ntfs flash drives ???
From:
David Sommerseth <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Fri, 4 Mar 2016 11:59:58 +0100
Content-Type:
text/plain
Parts/Attachments:
text/plain (48 lines) 
On 04/03/16 11:05, ToddAndMargo wrote:
[...snip...]
> # grep denied /var/log/audit/audit.log
> type=AVC msg=audit(1457071461.014:2015): avc:  denied  { write } for pid=26451
> comm="smbd" name="test" dev="dm-1" ino=593703
> scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:mnt_t:s0
> tclass=dir
> 
> These stem from when I was trying to get SeLinux to work
> on the share.  "Test" was a shared directory.  "Test"
> has since been removed.
> 
> I can browse/use the mount point without issue as
> long as I do not have an NTFS Flash Drive mounted to it.
> 
> No mention of /mnt/iso in the above
> # grep denied /var/log/audit/audit.log | grep iso
> # <nothing>

You skipped the 'audit2allow' tip I gave you.

---------------------------------------------

cat | audit2allow

type=AVC msg=audit(1457071461.014:2015): avc:  denied  { write } for pid=26451
comm="smbd" name="test" dev="dm-1" ino=593703
scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:mnt_t:s0
tclass=dir



#============= smbd_t ==============

#!!!! This avc can be allowed using the boolean 'samba_export_all_rw'
allow smbd_t mnt_t:dir write;
---------------------------------------------

See the line "!!!! This avc can...." ... So just do:

  # setsebool -P samba_export_all_rw 1


--
kind regards,

David Sommerseth

ATOM RSS1 RSS2