smb.conf
[code][global]
workgroup = WorkGroup
server string =
netbios name = netfolders
log file = /var/log/samba/log.%m
max log size = 50
security = user
map to guest = Bad Password
guest account = nobody
passdb backend = tdbsam
local master = no
os level = 0
preferred master = no
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
show add printer wizard = no
[inout]
path = /mnt/netfolders/inout
writable = yes
guest only = yes
guest ok = yes
create mask = 0600
directory mask = 0700[/code]
[code]# chcon -v -t samba_share_t /mnt/netfolders/inout
# semanage fcontext -a -t samba_share_t '/mnt/netfolders/inout(/.*)?'
# ls -ldZ /mnt/netfolders/inout
drwxr-xr-x. nobody nobody unconfined_u:object_r:samba_share_t:s0 /mnt/netfolders/inout[/code]
[code]ls -la /mnt/netfolders/
drwx------. 3 nobody nobody 4096 Окт 11 15:25 inout
[/code]
but I can't log in to inout with SELinux enabled :(
[SOLVED] samba guest share and selinux
Perhaps the restorecon command is needed (after semanage)?
I found [url=http://danwalsh.livejournal.com/14195.html]the article by Dan Walsh[/url], THE selinux guy, very helpful.
Re: samba guest share and selinux
[b]solved[/b]
before mounting the partition:
[code]# ls -ldZ /mnt/netfolders/
drwxr-xr-x. root root unconfined_u:object_r:mnt_t:s0 /mnt/netfolders/[/code]
after mounting the partition:
[code]# mount /dev/vg_data/lv_netfolders /mnt/netfolders
# ls -ldZ /mnt/netfolders/
drwxr-xr-x. root root system_u:object_r:[b]file_t[/b]:s0 /mnt/netfolders/[/code]
so the next command solves the problem (even without 'semanage fcontext ...; restorecon ...'):
[code]# chcon -R -t samba_share_t /mnt/netfolders[/code]
Re: [SOLVED] samba guest share and selinux
Thanks for reporting back. Marking this thread [SOLVED] for posterity.
Re: [SOLVED] samba guest share and selinux
[quote]
cac2s wrote:
so the next command solves the problem (even without 'semanage fcontext ...; restorecon ...'):
[code]# chcon -R -t samba_share_t /mnt/netfolders[/code][/quote]
Please note that there is an important difference between the [i]chcon[/i] command and the [i]semanage fcontext ...; restorecon[/i] method as written in Dan Walsh's blog referenced previously:
[quote]
# chcon -R -t samba_share_t /var/eng
This label will not survive a relabel. A better solution to make the change permanent, you must tell the SELinux system about the label customization. The semanage command can customize the default file contexts on your machine. restorecon will read the file_context and apply it to the files and directories.
# semanage fcontext -a -t samba_share_t /var/eng(/.*)?
# restorecon -R -v /var/eng
[/quote]
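The chcon versus semanage fcontext + restorecon difference discussed above can be checked by comparing a directory's on-disk label with the policy default for its path. The script below is an added example, not code from the thread; the function names and state names are made up here, and it assumes stat (GNU coreutils) and matchpathcon (libselinux-utils) are installed when a real path is given.

```shell
#!/bin/sh
# Added example: is a Samba share's SELinux label persistent or chcon-only?
WANT_TYPE="samba_share_t"

# Print the type field (3rd) of a context like system_u:object_r:file_t:s0
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# classify_label ON_DISK_CONTEXT POLICY_DEFAULT_CONTEXT
#   persistent  label and file-context policy agree on samba_share_t
#   chcon-only  label is right, policy is not: lost on the next relabel
#   pending     policy is right, label is not: restorecon still needed
#   mislabeled  neither is samba_share_t (e.g. file_t after a fresh mount)
classify_label() {
    cur_type=$(ctx_type "$1")
    def_type=$(ctx_type "$2")
    if [ "$cur_type" = "$WANT_TYPE" ] && [ "$def_type" = "$WANT_TYPE" ]; then
        echo persistent
    elif [ "$cur_type" = "$WANT_TYPE" ]; then
        echo chcon-only
    elif [ "$def_type" = "$WANT_TYPE" ]; then
        echo pending
    else
        echo mislabeled
    fi
}

# audit_share PATH: read both contexts from the live system.
audit_share() {
    cur=$(stat -c %C -- "$1") || return 2
    def=$(matchpathcon -n "$1") || return 2
    echo "$1: $(classify_label "$cur" "$def") (on disk: $cur; policy: $def)"
}

if [ "$#" -gt 0 ]; then
    audit_share "$1"
else
    # Constructed samples: labels seen in the thread, with mnt_t assumed as
    # the policy default for /mnt/netfolders.
    classify_label 'system_u:object_r:file_t:s0' 'system_u:object_r:mnt_t:s0'
    classify_label 'system_u:object_r:samba_share_t:s0' 'system_u:object_r:mnt_t:s0'
    classify_label 'system_u:object_r:samba_share_t:s0' 'system_u:object_r:samba_share_t:s0'
fi
```

Run with a path argument (for example the share's mount point) to audit the live system; a result of chcon-only means a relabel will remove the type that Samba needs.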