-----BEGIN PGP SIGNED MESSAGE-----
~ I have run into a problem with reading a credentials file from fstab
at startup. I have been working with Dan Walsh and have at least a
temporary resolution. Details of our e-mail conversation are below:
I get Error 13 talking about access denied
to the credentials file. If SELinux is sent to permissive, this is not
an issue. I have tried 20 different searches on google, samba.org
several fedora sites to try to get the context required for the
credentials file to be accessible to the startup scripts that process
current SELinux context of credentials file:
# ls -lZ /root/.smb/yyy
- -rw-r----- root root system_u:object_r:user_home_t:s0 /root/.smb/yyy
//mtc1-server/progs /media/mtc1-server/progs cifs
~ If I use "su -" and manually mount the share, passing only the
directory to the mount command, it completes with no errors. This is
only an issue at startup.
You should execute
# grep mount_t /var/log/audit/audit.log | audit2allow -M mysamba
# semodule -i mysamba.pp
This will add the new rule.
If anybody wants/needs more details, feel free to contact me.
The solution I use, which I think is cleaner, is to put the credentials
file in /etc/samba (where it should be labelled samba_etc_t) and to set
the allow_mount_anyfile boolean:
# setsebool -P allow_mount_anyfile 1
No local policy module needed.