similar to: ARGH... once again samba causes "permission" errors. SOLVED

Summary: SELinux prevented mount from mounting on the file or directory "./Fedora-9-Everything-i386-DVD1.iso" (type "samba_share_t"). Detailed Description: SELinux prevented mount from mounting a filesystem on the file or directory "./Fedora-9-Everything-i386-DVD1.iso" of type "samba_share_t". By default SELinux limits the mounting of filesystems to only

> If I understand well, I could add a type to another type?!?!?! No. The default targeted policy is mostly about Type Enforcement. Quote from the manual: "All files and processes are labeled with a type: types define a SELinux domain for processes and a SELinux type for files. SELinux policy rules define how types access each other, whether it be a domain accessing a type, or a

On 06/07/16 21:17, Bernard Fay wrote: > I can access /depot/tftp from a tftp client but unable to do it from a > Windows client as long as SELinux is enforced. If SELinux is permissive I > can access it then I know Samba is properly configured. > > # getenforce > Enforcing > # ls -dZ /depot/tftp/ > drwxrwxrwx. root root system_u:object_r:tftpdir_rw_t:s0 /depot/tftp/ >

Hi, how do I allow lighttpd access to a directory like this: dr-xrwxr-x. lighttpd example unconfined_u:object_r:samba_share_t:s0 files_articles I tried to create and install a selinux module, and it didn?t work. The non-working module can not be removed, either: semodule -r lighttpd-files_articles.pp libsemanage.semanage_direct_remove_key: Unable to remove module lighttpd-files_articles.pp at

I can access /depot/tftp from a tftp client but unable to do it from a Windows client as long as SELinux is enforced. If SELinux is permissive I can access it then I know Samba is properly configured. # getenforce Enforcing # ls -dZ /depot/tftp/ drwxrwxrwx. root root system_u:object_r:tftpdir_rw_t:s0 /depot/tftp/ And if I do it the other way around, give the directory a type samba_share_t then

Hi all, I have created a directory /srv with the following SELinux context: system_u:object_r:var_t Now I want to create a subdirectory within /srv which should get a different context. So I tried to set e.g.: semanage fcontext -a -t samba_share_t /srv/samba /sbin/restorecon -v /srv/samba but the context is always reset to: system_u:object_r:var_t What am I missing? Best Regards Marcus

Just installed 7.2, and I'm seeing this - is this a bug in the policy? ************************** SELinux is preventing systemd-readahe from add_name access on the directory .readahead.new. ***** Plugin catchall_labels (83.8 confidence) suggests ******************* If you want to allow systemd-readahe to have add_name access on the .readahead.new directory Then you need to change the

I started the Dovecot POP3 server under Fedora Core 6 (rpm dovecot-1.0-1.1.rc15.fc6), but some users couldn't connect, with /var/log/maillog show the message Jan 24 13:20:00 mmace dovecot: chdir(/branch/home/mmace) failed with uid 205: Permission denied Jan 24 13:20:00 mmace dovecot: child 18792 (pop3) returned error 89 (I had already edited first_valid_UID in /etc/dovecot.conf to allow

Thanks Fabian, That's what I need! A bit more open than I wish but it is ok. One more thing... I got some problems to get the man page for tftpd_selinux. [ ]$ yum search tftpd_selinux Loaded plugins: fastestmirror, langpacks Determining fastest mirrors Warning: No matches found for: tftpd_selinux No matches found [ ~]$ yum provides tftpd_selinux Loaded plugins: fastestmirror, langpacks

We?ve just started to try to configure a new CentOS 7 disk server, and NFS seems OK so far, but I?m having problems with smb mounts to a Mac OS X client. I have the [homes] section as usual, and some additional shares restricted to specific users, but none seem to work. I know I?m authenticating OK (both from the smbd logs and because when I type the wrong password the Mac?s behavior is

Hello, I am successfully connecting my Windows box to a RHEL 5 over SMB. This works for both mounting a regular share as well as (my own implementation of) a FUSE mountpoint. On RHEL 6 I can only mount a regular share, but not a FUSE mountpoint. I am getting a Permission Denied error. On both machines I have disabled firewall and I set SELinux to permissive. Does anybody know why this

I few weeks back my server started having a problem where all shares are now readonly. AFAIK nothing has changed except a 'yum update' which was probably around the same time. Everyone still has the shares on their Win7 PC's and can see the contents. However, if they try to open a file it opens read only. If the try to create a new file (e.g. right click -> New -> Text

Hi all. I created a smb-share on my el6 for all windows-pcs in my home-network (I'm the only Linux-User in my family) for sharing all the stuff we have, like music and videos and documents. The share will be shown on the other pcs (Windows XP), but they can't open it. The error-message ist "Share not found" on our preferred language of course! SELINUX-CONFIG sh-4.1# cat

In this wiki article: https://wiki.centos.org/HowTos/SetUpSamba ?there is a command down in section 2 that gives an error here on CentOS 7: $ sudo semanage fcontext ?at samba_share_t /path/to/share ?noise noise noise? semanage: error: unrecognized arguments: samba_share_t /path/to/share That and the following restorecon command can be replaced by a single shorter command, which

????????? ???????? ????? 2016-07-05 19:58: >> I need to have the tftpdir_rw_t and samba_share_t SELinux context >> on >> the same directory. >> >> How can we do this? Is it feasible to have more than one SELinux >> context? > > I don't think it's possible/feasible. > You'd probably need to add a new type and necessary rules to your

On May 4, 2018, at 5:13 PM, Gordon Messmer <gordon.messmer at gmail.com> wrote: > > On 05/04/2018 12:03 PM, Warren Young wrote: >> ?there is a command down in section 2 that gives an error here on CentOS 7: >> >> $ sudo semanage fcontext ?at samba_share_t /path/to/share >> ?noise noise noise? >> semanage: error: unrecognized arguments:

Only Mac clients are affected? Have you tested a Linux (e.g. Fedora 25 live OS would do) client? It's necessary for all files to have selinux context system_u:object_r:samba_share_t:s0. You can either user chcon -R to apply it recursively to a particular directory you're sharing, or if it's an entire (dedicated) volume, you can apply it volume wide with a mount option, 'mount -o

> On Jan 3, 2017, at 1:24 PM, Chris Murphy <lists at colorremedies.com> wrote: > > Only Mac clients are affected? Have you tested a Linux (e.g. Fedora 25 > live OS would do) client? > > It's necessary for all files to have selinux context > system_u:object_r:samba_share_t:s0. You can either user chcon -R to > apply it recursively to a particular directory

Pretty sure smb gets "control" of a directory via the group. For my setup, each directory defined by a path in smb.conf has group smbusers, and has rwx permissions. This is applied just to that directory, it is not applied recursively. The files and folders in that directory have the actual remote user's ownership and permissions. What is applied recursively is the selinux label. I

On May 4, 2018, at 3:03 PM, Akemi Yagi <amyagi at gmail.com> wrote: > > On Fri, May 4, 2018 at 12:03 PM, Warren Young <warren at etr-usa.com> wrote: >> >> $ sudo chcon -R -t samba_share_t /path/to/share > > Updated the page as suggested. Thanks. Thanks! I now see another instance of this in section 3. Instead of copying the text verbatim, it should