SCIENTIFIC-LINUX-USERS Archives

March 2016

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: samba and ntfs flash drives ???
From:
ToddAndMargo <[log in to unmask]>
Reply To:
ToddAndMargo <[log in to unmask]>
Date:
Fri, 4 Mar 2016 03:48:24 -0800
Content-Type:
text/plain
Parts/Attachments:
text/plain (108 lines) 
On 03/04/2016 03:39 AM, ToddAndMargo wrote:
> On 03/04/2016 02:59 AM, David Sommerseth wrote:
>> On 04/03/16 11:05, ToddAndMargo wrote:
>> [...snip...]
>>> # grep denied /var/log/audit/audit.log
>>> type=AVC msg=audit(1457071461.014:2015): avc:  denied  { write } for
>>> pid=26451
>>> comm="smbd" name="test" dev="dm-1" ino=593703
>>> scontext=system_u:system_r:smbd_t:s0
>>> tcontext=unconfined_u:object_r:mnt_t:s0
>>> tclass=dir
>>>
>>> These stem from when I was trying to get SeLinux to work
>>> on the share.  "Test" was a shared directory.  "Test"
>>> has since been removed.
>>>
>>> I can browse/use the mount point without issue as
>>> long as I do not have an NTFS Flash Drive mounted to it.
>>>
>>> No mention of /mnt/iso in the above
>>> # grep denied /var/log/audit/audit.log | grep iso
>>> # <nothing>
>>
>> You skipped the 'audit2allow' tip I gave you.
>>
>> ---------------------------------------------
>>
>> cat | audit2allow
>>
>> type=AVC msg=audit(1457071461.014:2015): avc:  denied  { write } for
>> pid=26451
>> comm="smbd" name="test" dev="dm-1" ino=593703
>> scontext=system_u:system_r:smbd_t:s0
>> tcontext=unconfined_u:object_r:mnt_t:s0
>> tclass=dir
>>
>>
>>
>> #============= smbd_t ==============
>>
>> #!!!! This avc can be allowed using the boolean 'samba_export_all_rw'
>> allow smbd_t mnt_t:dir write;
>> ---------------------------------------------
>>
>> See the line "!!!! This avc can...." ... So just do:
>>
>>    # setsebool -P samba_export_all_rw 1
>>
>>
>> --
>> kind regards,
>>
>> David Sommerseth
>>
>>
>>
>
>
>
> # grep denied /var/log/audit/audit.log | grep iso | audit2allow
> Nothing to do
>
>
> #  grep denied /var/log/audit/audit.log | audit2allow
>
> #============= logrotate_t ==============
> allow logrotate_t home_root_t:dir read;
> allow logrotate_t init_t:service reload;
>
> #============= smbd_t ==============
>
> #!!!! This avc is allowed in the current policy
> allow smbd_t mnt_t:dir write;
>
> #!!!! This avc is allowed in the current policy
> allow smbd_t mnt_t:file getattr;
>
>
> Couldn't figure out what the above meant.
>
>
> As you recommended, I ran
>     # setsebool -P samba_export_all_rw 1
>
> Now W7 says the directory is empty
>
>
>


Wait.  Hold everything.  I was in the wrong iso share.

And "# setsebool -P samba_export_all_rw 1" fixed it.
And I have full read/wrie too.


Yippee!

thankyouthankyouthankyouthankyouthankyouthankyouthankyou



-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ATOM RSS1 RSS2