On 04/03/16 11:05, ToddAndMargo wrote: [...snip...] > # grep denied /var/log/audit/audit.log > type=AVC msg=audit(1457071461.014:2015): avc: denied { write } for pid=26451 > comm="smbd" name="test" dev="dm-1" ino=593703 > scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:mnt_t:s0 > tclass=dir > > These stem from when I was trying to get SeLinux to work > on the share. "Test" was a shared directory. "Test" > has since been removed. > > I can browse/use the mount point without issue as > long as I do not have an NTFS Flash Drive mounted to it. > > No mention of /mnt/iso in the above > # grep denied /var/log/audit/audit.log | grep iso > # <nothing> You skipped the 'audit2allow' tip I gave you. --------------------------------------------- cat | audit2allow type=AVC msg=audit(1457071461.014:2015): avc: denied { write } for pid=26451 comm="smbd" name="test" dev="dm-1" ino=593703 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:mnt_t:s0 tclass=dir #============= smbd_t ============== #!!!! This avc can be allowed using the boolean 'samba_export_all_rw' allow smbd_t mnt_t:dir write; --------------------------------------------- See the line "!!!! This avc can...." ... So just do: # setsebool -P samba_export_all_rw 1 -- kind regards, David Sommerseth