Daniel B. Thurman
dant at cdkkt.com
Wed May 14 20:47:47 UTC 2008
Daniel J Walsh wrote:
|Daniel B. Thurman wrote:
|| Stephen Smalley
|| |Daniel B. Thurman wrote:
|| |> |You can certainly generate a local policy module that gives
|| |> |access to fusefs_t, but it would be better if we could get
|| |> |the context mount option to work.
|| |> I will try anything you suggest. Let me know if you can
|| |> resolve this issue, otherwise let me know (in detail) how
|| |> to write a policy as a last resort?
|| |To generate local policy for this issue, you'd do something
|| |$ su -
|| |# ausearch -m AVC | grep fuse | audit2allow -M myfuse
|| |# semodule -i myfuse.pp
|| |Then the fuse-related denials should be allowed.
|| Uh, almost. It still will not allow me to chmod or chgrp
|| the mounted filesystem which means that I cannot write to
|| the shared NTFS filesystem without assigning the proper
|| permissions. I have set samba properties to allow writes
|| but apparently this problem resides with fuse again. Grr.
|| What can I do to allow samba shared writes?
|Look for additional AVC's with ausearch
|You can run the above command another time.
|You can put the machine into permissive mode and gather all of the AVC
|Run your test
|ausearch -m AVC | grep fuse | audit2allow -M myfuse
|semodule -i myfuse.pp
Yup! That worked!
More information about the selinux