<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body bgcolor="#ffffff" text="#000000">
Hi,<br>
I have F8 and every time to I try to access remotely or locally NTFS
filesystems that shared via Samba I get a warning (at the end of this
mesage) from SELinux troubleshooter and can't access the share.<br>
I have tried to mount the filesystem with different context's but none
of them seem to do anything. The shares worked with previous version of
Fedora (F7). I have tried to mount the NTFS volume doing the following
to change it context:<br>
* mount -t ntfs-3g /dev/sda1 /mnt/petteri-c -o
context=system_u:system_r:smbd_t<br>
* mount -t ntfs-3g /dev/sda1 /mnt/petteri-c -o
context=system_u:object_r:smbd_t<br>
* mount -t ntfs-3g /dev/sda1 /mnt/petteri-c -o
fscontext=system_u:object_r:samba_share_t<br>
and various other mount options such as defcontext= and changed the
context=, fscontext=, and defcontext= parameter values.<br>
But the context stays the same (ls --lcontext):<br>
drwxrwxrwx 1 <u>system_u:object_r:fusefs_t</u> root root 12288
2007-12-12 21:13 petteri-c<br>
<br>
So how I am going tho get SELinux to allow Samba to share mounted NTFS
filesystem? (Sorry about the newbie question :( and possibly bad
english).<br>
SELinux is enforcing/targetted and all the booleans that refer to smbd
are checked allow from SELinux Administration.<br>
<br>
<i>Summary<br>
SELinux is preventing samba (smbd) "read" to <Unknown>
(fusefs_t).<br>
<br>
Detailed Description<br>
SELinux denied samba access to <Unknown>. If you want to
share this<br>
directory with samba it has to have a file context label of
samba_share_t.<br>
If you did not intend to use <Unknown> as a samba repository
it could<br>
indicate either a bug or it could signal a intrusion attempt.<br>
<br>
Allowing Access<br>
You can alter the file context by executing chcon -R -t
samba_share_t<br>
<Unknown> You must also change the default file context files
on the system<br>
in order to preserve them even on a full relabel. "semanage
fcontext -a -t<br>
samba_share_t <Unknown>"<br>
<br>
The following command will allow this access:<br>
chcon -R -t samba_share_t <Unknown><br>
<br>
Additional Information <br>
<br>
Source Context system_u:system_r:smbd_t<br>
Target Context system_u:object_r:fusefs_t<br>
Target Objects None [ dir ]<br>
Affected RPM Packages <br>
Policy RPM selinux-policy-3.0.8-64.fc8<br>
Selinux Enabled True<br>
Policy Type targeted<br>
MLS Enabled True<br>
Enforcing Mode Enforcing<br>
Plugin Name plugins.samba_share<br>
Host Name petteri<br>
Platform Linux petteri 2.6.23.8-63.fc8 #1 SMP Wed
Nov 21<br>
18:51:08 EST 2007 i686 athlon<br>
Alert Count 126<br>
First Seen ke 14. marraskuuta 2007 15:57:05<br>
Last Seen to 13. joulukuuta 2007 07:13:17<br>
Local ID 2f2fd1b5-757e-4b37-a44f-eb76e86a81c2<br>
Line Numbers <br>
<br>
Raw Audit Messages <br>
<br>
avc: denied { read } for comm=smbd dev=sda1 name=/ pid=21782<br>
scontext=system_u:system_r:smbd_t:s0 tclass=dir<br>
tcontext=system_u:object_r:fusefs_t:s0<br>
<br>
<br>
</i>
</body>
</html>