Why can't I set /mnt/path to samba_share_t ?
Tristan Santore
tristan.santore at internexusconnect.net
Mon Feb 15 21:54:48 UTC 2010
On 15/02/10 21:44, Shintaro Fujiwara wrote:
> Hi, I'm now making server at my office with f12.
> I'm moved by how easy SELinux became to configure anythinng after all
> these years.
>
> I have mounted HDs on /mnt/path or /media/path.
>
> The HDs are mounted on /mnt/path which reside valuable data inside,
> and on /media/path
> which has backup tar balls.
>
> The one on /mnt/path are shared data by samba so that some
> organization unit guys can read and write through network.
>
> First,I set
> #chmod 777 /mnt/path
> and this is just a test, so it's not controversial.
> Second, after I read smb.conf, and I found SELinux configuration
> telling to set path to samba_share_t by chcon.
> I made it and it was a success, I could read and write from network to
> /mnt/path.
>
> Next, I commanded,
> # restorecon -R -v /mnt
> and /mnt/path became mnt_t.
> In that, I failed both read nor write.
>
> I made local module by audit2allow and installed by semodule -i.
> Of course, I restoreconed.
> I failed again.
>
> I did
> # touch /.autorelabel
> # shutdown -r now
>
> I failed.
>
> security context of /mnt/path is still mnt_t.
>
> How can I set security context of /mnt/path to samba_share_t not using chcon ?
>
> Thanks in advance.
>
> ----SELinux tool-----
> http://sourceforge.net/projects/segatex/
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
You can use semanage fcontext to set labeling for certain directories or
files.
We have got some SElinux docs at docs.fedoraproject.org,
if you are interested.
Regards,
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore at internexusconnect.net
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefor no longer able to accredit trust)
For Fedora related issues, please email me at:
TSantore at fedoraproject.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3388 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20100215/45d8fc4a/attachment.bin
More information about the selinux
mailing list