SCIENTIFIC-LINUX-USERS Archives

March 2016

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: samba and ntfs flash drives ???
From:
ToddAndMargo <[log in to unmask]>
Reply To:
ToddAndMargo <[log in to unmask]>
Date:
Fri, 4 Mar 2016 03:39:31 -0800
Content-Type:
text/plain
Parts/Attachments:
text/plain (89 lines) 
On 03/04/2016 02:59 AM, David Sommerseth wrote:
> On 04/03/16 11:05, ToddAndMargo wrote:
> [...snip...]
>> # grep denied /var/log/audit/audit.log
>> type=AVC msg=audit(1457071461.014:2015): avc:  denied  { write } for pid=26451
>> comm="smbd" name="test" dev="dm-1" ino=593703
>> scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:mnt_t:s0
>> tclass=dir
>>
>> These stem from when I was trying to get SeLinux to work
>> on the share.  "Test" was a shared directory.  "Test"
>> has since been removed.
>>
>> I can browse/use the mount point without issue as
>> long as I do not have an NTFS Flash Drive mounted to it.
>>
>> No mention of /mnt/iso in the above
>> # grep denied /var/log/audit/audit.log | grep iso
>> # <nothing>
>
> You skipped the 'audit2allow' tip I gave you.
>
> ---------------------------------------------
>
> cat | audit2allow
>
> type=AVC msg=audit(1457071461.014:2015): avc:  denied  { write } for pid=26451
> comm="smbd" name="test" dev="dm-1" ino=593703
> scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:mnt_t:s0
> tclass=dir
>
>
>
> #============= smbd_t ==============
>
> #!!!! This avc can be allowed using the boolean 'samba_export_all_rw'
> allow smbd_t mnt_t:dir write;
> ---------------------------------------------
>
> See the line "!!!! This avc can...." ... So just do:
>
>    # setsebool -P samba_export_all_rw 1
>
>
> --
> kind regards,
>
> David Sommerseth
>
>
>



# grep denied /var/log/audit/audit.log | grep iso | audit2allow
Nothing to do


#  grep denied /var/log/audit/audit.log | audit2allow

#============= logrotate_t ==============
allow logrotate_t home_root_t:dir read;
allow logrotate_t init_t:service reload;

#============= smbd_t ==============

#!!!! This avc is allowed in the current policy
allow smbd_t mnt_t:dir write;

#!!!! This avc is allowed in the current policy
allow smbd_t mnt_t:file getattr;


Couldn't figure out what the above meant.


As you recommended, I ran
    # setsebool -P samba_export_all_rw 1

Now W7 says the directory is empty



-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ATOM RSS1 RSS2