Re: samba and ntfs flash drives ???

Fri, 04 Mar 2016 03:49:17 -0800 

On 03/04/2016 03:39 AM, ToddAndMargo wrote:

On 03/04/2016 02:59 AM, David Sommerseth wrote:

On 04/03/16 11:05, ToddAndMargo wrote:
[...snip...]

# grep denied /var/log/audit/audit.log
type=AVC msg=audit(1457071461.014:2015): avc:  denied  { write } for
pid=26451
comm="smbd" name="test" dev="dm-1" ino=593703
scontext=system_u:system_r:smbd_t:s0
tcontext=unconfined_u:object_r:mnt_t:s0
tclass=dir

These stem from when I was trying to get SeLinux to work
on the share.  "Test" was a shared directory.  "Test"
has since been removed.

I can browse/use the mount point without issue as
long as I do not have an NTFS Flash Drive mounted to it.

No mention of /mnt/iso in the above
# grep denied /var/log/audit/audit.log | grep iso
# <nothing>


You skipped the 'audit2allow' tip I gave you.

---------------------------------------------

cat | audit2allow

type=AVC msg=audit(1457071461.014:2015): avc:  denied  { write } for
pid=26451
comm="smbd" name="test" dev="dm-1" ino=593703
scontext=system_u:system_r:smbd_t:s0
tcontext=unconfined_u:object_r:mnt_t:s0
tclass=dir



#============= smbd_t ==============

#!!!! This avc can be allowed using the boolean 'samba_export_all_rw'
allow smbd_t mnt_t:dir write;
---------------------------------------------

See the line "!!!! This avc can...." ... So just do:

   # setsebool -P samba_export_all_rw 1


--
kind regards,

David Sommerseth







# grep denied /var/log/audit/audit.log | grep iso | audit2allow
Nothing to do


#  grep denied /var/log/audit/audit.log | audit2allow

#============= logrotate_t ==============
allow logrotate_t home_root_t:dir read;
allow logrotate_t init_t:service reload;

#============= smbd_t ==============

#!!!! This avc is allowed in the current policy
allow smbd_t mnt_t:dir write;

#!!!! This avc is allowed in the current policy
allow smbd_t mnt_t:file getattr;


Couldn't figure out what the above meant.


As you recommended, I ran
    # setsebool -P samba_export_all_rw 1

Now W7 says the directory is empty






Wait.  Hold everything.  I was in the wrong iso share.

And "# setsebool -P samba_export_all_rw 1" fixed it.
And I have full read/wrie too.


Yippee!

thankyouthankyouthankyouthankyouthankyouthankyouthankyou



--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Reply via email to