« Return to Thread: SELinux enforcing, an external ntfs-3g mount, Samba and Fedora 8
Re: SELinux enforcing, an external ntfs-3g mount, Samba and Fedora 8
by Dudebot
::
Rate this Message:
Thanks for answering my post, Josef. Unfortunately, I'm getting
exactly the same AVC denial and message when trying to access the
drive from vmware. The odd thing is, I can access my home directory
from vmware without problem. The /etc/fstab entry now reads:
/dev/sdd1 /mnt/media ntfs-3g
rw,locale=en_US.utf8,uid=500,gid=1000,context=system_u:system_r:samba_share_t
0 0
Thanks,
Craig
On Dec 15, 2007 7:10 PM, Josef Kubin <jkubin@...> wrote:
> Hello Craig,
>
> Craig Niederberger wrote:
> > Hi Fedora SELinux gurus, question from a very perplexed newbie.
> >
> > I'm trying to access an external ntfs-3g drive from vmware on Fedora,
> > with the drive seen through vmware as a networked samba drive. I have
> > Fedora 8 as the host, VMware Workstation 6.0.2 with Windows XP Pro as
> > the guest OS, and SELinux set to enforcing.
> >
> > I have the host visible as a networked drive in My Network Places on
> > the guest, and can access files in my Fedora 8 home directory, so
> > SELinux is at least allowing that.
> >
> > The external ntfs-3g drive that I'd like to also access is visible in
> > My Network Places on the guest. However, whenever I click on it, I get
> > an SELinux AVC Denial, which says SELinux is preventing the samba
> > daemon from serving r/o local files to remote clients, and tells me
> > that I need to turn on the samba_export_all_ro boolean, which is
> > already on.
> >
> > The raw audit message that I get in the SELinux popup is:
> > avc: denied { read } for comm=smbd dev=sdd1 name=/ pid=4347
> > scontext=system_u:system_r:smbd_t:s0 tclass=dir
> > tcontext=system_u:object_r:fusefs_t:s0
> >
> > I have mounted the ntfs-3g drive so that it matches the ownership of
> > my home drive, e.g. the fstab entry is:
> > /dev/sdd1 /mnt/media ntfs-3g rw,locale=en_US.utf8,uid=500,gid=1000 0 0
>
> Did you tried to mount your drive with proper context?
>
> /dev/sdd1 /mnt/media ntfs-3g
> rw,locale=en_US.utf8,uid=500,gid=1000,context=system_u:system_r:samba_share_t
> 0 0
>
> > $ ls -al media
> > total 233
> > drwxrwxrwx 1 craign family 4096 2007-12-12 23:04 .
> > drwxr-xr-x 6 root root 4096 2007-12-02 14:13 ..
> > drwxrwxrwx 1 craign family 0 2007-09-16 11:31 Craig
> > ...
> >
> > Can anyone help?
> >
> > Many TIA,
> > Craig
> >
>
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list@...
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
> Cheers,
> Josef Kubin
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@...
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
exactly the same AVC denial and message when trying to access the
drive from vmware. The odd thing is, I can access my home directory
from vmware without problem. The /etc/fstab entry now reads:
/dev/sdd1 /mnt/media ntfs-3g
rw,locale=en_US.utf8,uid=500,gid=1000,context=system_u:system_r:samba_share_t
0 0
Thanks,
Craig
On Dec 15, 2007 7:10 PM, Josef Kubin <jkubin@...> wrote:
> Hello Craig,
>
> Craig Niederberger wrote:
> > Hi Fedora SELinux gurus, question from a very perplexed newbie.
> >
> > I'm trying to access an external ntfs-3g drive from vmware on Fedora,
> > with the drive seen through vmware as a networked samba drive. I have
> > Fedora 8 as the host, VMware Workstation 6.0.2 with Windows XP Pro as
> > the guest OS, and SELinux set to enforcing.
> >
> > I have the host visible as a networked drive in My Network Places on
> > the guest, and can access files in my Fedora 8 home directory, so
> > SELinux is at least allowing that.
> >
> > The external ntfs-3g drive that I'd like to also access is visible in
> > My Network Places on the guest. However, whenever I click on it, I get
> > an SELinux AVC Denial, which says SELinux is preventing the samba
> > daemon from serving r/o local files to remote clients, and tells me
> > that I need to turn on the samba_export_all_ro boolean, which is
> > already on.
> >
> > The raw audit message that I get in the SELinux popup is:
> > avc: denied { read } for comm=smbd dev=sdd1 name=/ pid=4347
> > scontext=system_u:system_r:smbd_t:s0 tclass=dir
> > tcontext=system_u:object_r:fusefs_t:s0
> >
> > I have mounted the ntfs-3g drive so that it matches the ownership of
> > my home drive, e.g. the fstab entry is:
> > /dev/sdd1 /mnt/media ntfs-3g rw,locale=en_US.utf8,uid=500,gid=1000 0 0
>
> Did you tried to mount your drive with proper context?
>
> /dev/sdd1 /mnt/media ntfs-3g
> rw,locale=en_US.utf8,uid=500,gid=1000,context=system_u:system_r:samba_share_t
> 0 0
>
> > $ ls -al media
> > total 233
> > drwxrwxrwx 1 craign family 4096 2007-12-12 23:04 .
> > drwxr-xr-x 6 root root 4096 2007-12-02 14:13 ..
> > drwxrwxrwx 1 craign family 0 2007-09-16 11:31 Craig
> > ...
> >
> > Can anyone help?
> >
> > Many TIA,
> > Craig
> >
>
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list@...
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
> Cheers,
> Josef Kubin
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@...
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
« Return to Thread: SELinux enforcing, an external ntfs-3g mount, Samba and Fedora 8
| Free embeddable forum powered by Nabble | Forum Help |
