SELinux context conflict -- default_ versus samba_share_t
Daniel J Walsh
dwalsh at redhat.com
Tue Jun 8 13:25:32 UTC 2010
On 06/08/2010 08:34 AM, Julian C. Dunn wrote:
> Like many Fedora users, I have a /music mount point on my fileserver.
> I'd like to make this available by Samba and Apache over the local LAN.
>
> I'm confused about what SELinux label I need to give this mountpoint.
> Currently I have it as unconfined_u:object_r:samba_share_t:s0, otherwise
> Samba won't share it. But now Postfix is complaining:
>
> Jun 8 08:20:43 fileserver setroubleshoot: SELinux is preventing
> /usr/libexec/postfix/smtpd "search" access to /music. For complete
> SELinux messages. run sealert -l f1271eda-558f-4389-8eab-04738dcf15cb
>
> Of course, the sealert report advises me to restore to the default context.
>
> Additionally, if I have all of music set as
> unconfined_u:object_r:samba_share_t, httpd can't read the files in there.
>
> What is the right context to set /music to, in order to meet my needs?
>
> - Julian
If you want to share the same data over to "sharing" interfaces you need
to label it public_content_t or public_content_rw_t.
More information about the users
mailing list