search for: public_content_rw_t

Hi, On an internal webserver (latest C6) I want smb-access to /var/www/html/ In april I did chcon -R -t public_content_rw_t /var/www/html/ setsebool -P allow_smbd_anon_write 1 setsebool -P allow_httpd_anon_write 1 echo "/var/www/html/ -- unconfined_u:object_r:public_content_rw_t:s0" >> /etc/selinux/targeted/contexts/files/file_contexts After the latest round of updates (including selinux...

I am working towards getting SELinux implemented on a web server that also runs Samba thanks to Thomas Cameron's excellent video https://www.youtube.com/watch?v=_WOKRaM-HI4. I set the SELinux label on the web site folder (which is also the shared folder in Samba) to public_content_rw_t and set the bool smbd_anon_write to 1 so that Apache and Samba can hopefully coexist and Samba has write permission. But periodically RHEL reports: "SELinux is preventing samba-dcerpcd from ioctl access on the directory /export/home/xxx/htdocs" (this is the web site folder and shared fol...

...will show you man pages for everything regarding selinux and domain/process/context </tip> => man tftpd_selinux => search for samba and : <quote> If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean. </quote> But read the whole tftpd_selinux and samba_selinux man pages (and they share almost the same conte...

On 12/17/2014 05:07 AM, Patrick Bervoets wrote: > Hi, > > On an internal webserver (latest C6) I want smb-access to /var/www/html/ > In april I did > chcon -R -t public_content_rw_t /var/www/html/ > setsebool -P allow_smbd_anon_write 1 > setsebool -P allow_httpd_anon_write 1 > echo "/var/www/html/ -- > unconfined_u:object_r:public_content_rw_t:s0" >> > /etc/selinux/targeted/contexts/files/file_contexts > This is incorrect. # sem...

On Wed, December 17, 2014 05:07, Patrick Bervoets wrote: > Hi, > > On an internal webserver (latest C6) I want smb-access to /var/www/html/ > In april I did > chcon -R -t public_content_rw_t /var/www/html/ > setsebool -P allow_smbd_anon_write 1 > setsebool -P allow_httpd_anon_write 1 > echo "/var/www/html/ -- unconfined_u:object_r:public_content_rw_t:s0" >> > /etc/selinux/targeted/contexts/files/file_contexts > > After the latest round...

...he same time on a directory. > > Maybe samba_share_nfs boolean? (not tested) > > -- > LF > > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos Might look into ?public_content_rw_t? context as well. ms

...ed with some correctly configured shares so I can access them from my Windows box. It is a proven setup from an older Fedora+Samba setup, though on that other machine I have SELinux disabled. So I set samba_export_all_rw=1 to be able to access the shares whose files and directories are labelled public_content_rw_t by issuing: semanage fcontext -a -t public_content_rw_t '/myrootfolder(/.*)?' restorecon -R -v /myrootfolder After that I can indeed create, write and update files anywhere in the share and its subfolders, I can also delete folders, but I cannot create or rename folders though! sesearc...

...ding > selinux and domain/process/context > </tip> > > => man tftpd_selinux > => search for samba and : > <quote> > If you want to share files with multiple domains (Apache, FTP, rsync, > Samba), you can set a file context of public_content_t and > public_content_rw_t. These context allow any of the above domains to > read the content. > If you want a particular domain to write to the public_content_rw_t > domain, you must set the appropriate boolean. > </quote> > > But read the whole tftpd_selinux and samba_selinux man pages (and the...

> If I understand well, I could add a type to another type?!?!?! No. The default targeted policy is mostly about Type Enforcement. Quote from the manual: "All files and processes are labeled with a type: types define a SELinux domain for processes and a SELinux type for files. SELinux policy rules define how types access each other, whether it be a domain accessing a type, or a

On Wed, Dec 17, 2014 at 11:07:06AM +0100, Patrick Bervoets wrote: > echo "/var/www/html/ -- unconfined_u:object_r:public_content_rw_t:s0" >> /etc/selinux/targeted/contexts/files/file_contexts Next time try putting the local policy into: /etc/selinux/targeted/contexts/files/file_contexts.local ... which isn't overwritten by package updates. This is what would have happened if you had used the 'semanage fcontex...

Hi, what do I need to do to share the same directory with both NFS and samba? SElinux requires 'samba_share_t' for samba and 'nfs_t' for NFS, and AFAIC I can't set both at the same time on a directory.

...get information about ftp virtual user. - - By default users are created under /var/ftp/virtual_users/ . - - Directories created (using vsftpd_virtualuser_add.sh) under /var/ftp/virtual_users/ are owned by the user.group related to the ftp virtual username created, with 750, and the SELinux type public_content_rw_t. - - Check for installed dependencies (vsfptd and db4-utils) Surely it is far from complete. So I put a todo section at the bottom of the page to collect ideas, and at the same time, show the problems of the work so we can workaround it. Best regards, - -- Alain Reguera Delgado <al at ciget.c...

...em in Control Panel to change the computer name and try again." I am running SELinux and have set the following SELinux permissions: "Allow Samba to share nfs directories" "Allow Samba to share users home directories" "Allow Samba to write fines in directories labeled public_content_rw_t" "Disable SELinux protection for nmbd daemon" "Disable SELinux protection for smbd dameon" Below is my smb.conf file: # Samba config file created using SWAT # from 127.0.0.1 (127.0.0.1) # Date: 2007/03/12 18:47:37 [global] workgroup = MYHOME server string = Samba Serve...