On 04/03/16 11:05, ToddAndMargo wrote:
[...snip...]
> # grep denied /var/log/audit/audit.log
> type=AVC msg=audit(1457071461.014:2015): avc:  denied  { write } for pid=26451
> comm="smbd" name="test" dev="dm-1" ino=593703
> scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:mnt_t:s0
> tclass=dir
> 
> These stem from when I was trying to get SeLinux to work
> on the share.  "Test" was a shared directory.  "Test"
> has since been removed.
> 
> I can browse/use the mount point without issue as
> long as I do not have an NTFS Flash Drive mounted to it.
> 
> No mention of /mnt/iso in the above
> # grep denied /var/log/audit/audit.log | grep iso
> # <nothing>

You skipped the 'audit2allow' tip I gave you.

---------------------------------------------

cat | audit2allow

type=AVC msg=audit(1457071461.014:2015): avc:  denied  { write } for pid=26451
comm="smbd" name="test" dev="dm-1" ino=593703
scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:mnt_t:s0
tclass=dir



#============= smbd_t ==============

#!!!! This avc can be allowed using the boolean 'samba_export_all_rw'
allow smbd_t mnt_t:dir write;
---------------------------------------------

See the line "!!!! This avc can...." ... So just do:

  # setsebool -P samba_export_all_rw 1


--
kind regards,

David Sommerseth