-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Daniel B. Thurman wrote:
| Stephen Smalley
| |Daniel B. Thurman wrote:
| |> |You can certainly generate a local policy module that gives
| |> |access to fusefs_t, but it would be better if we could get
| |> |the context mount option to work.
| |>
| |> I will try anything you suggest. Let me know if you can
| |> resolve this issue, otherwise let me know (in detail) how
| |> to write a policy as a last resort?
| |
| |To generate local policy for this issue, you'd do something like this:
| |
| |$ su -
| |# ausearch -m AVC | grep fuse | audit2allow -M myfuse
| |# semodule -i myfuse.pp
| |
| |Then the fuse-related denials should be allowed.
|
| Uh, almost. It still will not allow me to chmod or chgrp
| the mounted filesystem which means that I cannot write to
| the shared NTFS filesystem without assigning the proper
| permissions. I have set samba properties to allow writes
| but apparently this problem resides with fuse again. Grr.
|
| What can I do to allow samba shared writes?
|
| Thanks!
| Dan
Look for additional AVC's with ausearch
You can run the above command another time.
You can put the machine into permissive mode and gather all of the AVC
messages
setenforce 0
Run your test
ausearch -m AVC | grep fuse | audit2allow -M myfuse
semodule -i myfuse.pp
setenforce 1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org
iEYEARECAAYFAkgq58sACgkQrlYvE4MpobPUCwCeOmeEF6ayyczUASCAfMzi05DD
j60AnRwY+T5dlMRTJOtzvZcY605JjW+a
=hWbq
-----END PGP SIGNATURE-----