On 04/03/16 11:05, ToddAndMargo wrote:
[...snip...]
> # grep denied /var/log/audit/audit.log
> type=AVC msg=audit(1457071461.014:2015): avc: denied { write } for pid=26451
> comm="smbd" name="test" dev="dm-1" ino=593703
> scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:mnt_t:s0
> tclass=dir
>
> These stem from when I was trying to get SeLinux to work
> on the share. "Test" was a shared directory. "Test"
> has since been removed.
>
> I can browse/use the mount point without issue as
> long as I do not have an NTFS Flash Drive mounted to it.
>
> No mention of /mnt/iso in the above
> # grep denied /var/log/audit/audit.log | grep iso
> # <nothing>
You skipped the 'audit2allow' tip I gave you.
---------------------------------------------
cat | audit2allow
type=AVC msg=audit(1457071461.014:2015): avc: denied { write } for pid=26451
comm="smbd" name="test" dev="dm-1" ino=593703
scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:mnt_t:s0
tclass=dir
#============= smbd_t ==============
#!!!! This avc can be allowed using the boolean 'samba_export_all_rw'
allow smbd_t mnt_t:dir write;
---------------------------------------------
See the line "!!!! This avc can...." ... So just do:
# setsebool -P samba_export_all_rw 1
--
kind regards,
David Sommerseth