similar to: SELinux settings for directory shared via NFS and samba?

> On Jul 19, 2019, at 8:27 AM, Leon Fauster via CentOS <centos at centos.org> wrote: > > Am 19.07.2019 um 14:51 schrieb hw <hw at gc-24.de>: >> Hi, >> >> what do I need to do to share the same directory with both NFS and samba? >> SElinux requires 'samba_share_t' for samba and 'nfs_t' for NFS, and AFAIC >> I can't set both at

Am 19.07.2019 um 14:51 schrieb hw <hw at gc-24.de>: > Hi, > > what do I need to do to share the same directory with both NFS and samba? > SElinux requires 'samba_share_t' for samba and 'nfs_t' for NFS, and AFAIC > I can't set both at the same time on a directory. Maybe samba_share_nfs boolean? (not tested) -- LF

> If I understand well, I could add a type to another type?!?!?! No. The default targeted policy is mostly about Type Enforcement. Quote from the manual: "All files and processes are labeled with a type: types define a SELinux domain for processes and a SELinux type for files. SELinux policy rules define how types access each other, whether it be a domain accessing a type, or a

On 06/07/16 21:17, Bernard Fay wrote: > I can access /depot/tftp from a tftp client but unable to do it from a > Windows client as long as SELinux is enforced. If SELinux is permissive I > can access it then I know Samba is properly configured. > > # getenforce > Enforcing > # ls -dZ /depot/tftp/ > drwxrwxrwx. root root system_u:object_r:tftpdir_rw_t:s0 /depot/tftp/ >

I'm trying to set the context on an nfs mounted /home. I believe exactly like in Redhat's Deployment Guide at http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.2/html/Deployment_Guide/ch45s02s03.html On my system running CentOS 5.2: $ ls -alZ /home drwxr-xr-x root root system_u:object_r:home_root_t . drwxr-xr-x root root system_u:object_r:root_t .. $ mount -t

Apache DocumentRoot on an NFS directory: [root at localhost ~]# service httpd start Starting httpd: Warning: DocumentRoot [/home/www/html] does not exist Syntax error on line 292 of /etc/httpd/conf/httpd.conf: DocumentRoot must be a directory [FAILED] [root at localhost ~]# After some research, I found this (dated) link

????????? ???????? ????? 2016-07-05 19:58: >> I need to have the tftpdir_rw_t and samba_share_t SELinux context >> on >> the same directory. >> >> How can we do this? Is it feasible to have more than one SELinux >> context? > > I don't think it's possible/feasible. > You'd probably need to add a new type and necessary rules to your

I have a NFS mount that I want apache to be able to serve files from. According to this doc: http://www.centos.org/docs/5/html/5.1/Deployment_Guide/rhlcommon-section-0097.html I should be able to mount it with a context that will allow apache to access it. But when I try the command they suggest: [root at vm-37:~] mount -t nfs -o \ context=system_u:object_r:httpd_sys_content_t \

Hi, how do I allow lighttpd access to a directory like this: dr-xrwxr-x. lighttpd example unconfined_u:object_r:samba_share_t:s0 files_articles I tried to create and install a selinux module, and it didn?t work. The non-working module can not be removed, either: semodule -r lighttpd-files_articles.pp libsemanage.semanage_direct_remove_key: Unable to remove module lighttpd-files_articles.pp at

All test machines are CentOS 5.5 (RHEL subscriptions purchased). We've had NFS3 storage working fine and decided to try NFS4. We can mount an NFS4 share on our KVM host, but the SELinux file context on the mountpoint directory is magically changed from virt_image_t to nfs_t. Restorecon refuses to change it back. Adding the mount option context=system_u:object_r:virt_image_t on either server

Hi list, I'm new to Centos and I've a very small knowledge of selinux use. I can disable it, but I prefer take it on for study. I've a second mirrored device that I use for file sharing. This is the scenario: /dev/md2 mounted on /mnt/data To make samba working I must set the file context to the path at samba_share_t on /mnt/data. After this samba works. Now I'm setting up

Hello, I need to have the tftpdir_rw_t and samba_share_t SELinux context on the same directory. How can we do this? Is it feasible to have more than one SELinux context? Thanks, Bernard

Hi, On an internal webserver (latest C6) I want smb-access to /var/www/html/ In april I did chcon -R -t public_content_rw_t /var/www/html/ setsebool -P allow_smbd_anon_write 1 setsebool -P allow_httpd_anon_write 1 echo "/var/www/html/ -- unconfined_u:object_r:public_content_rw_t:s0" >> /etc/selinux/targeted/contexts/files/file_contexts After the latest round

Thanks Fabian, That's what I need! A bit more open than I wish but it is ok. One more thing... I got some problems to get the man page for tftpd_selinux. [ ]$ yum search tftpd_selinux Loaded plugins: fastestmirror, langpacks Determining fastest mirrors Warning: No matches found for: tftpd_selinux No matches found [ ~]$ yum provides tftpd_selinux Loaded plugins: fastestmirror, langpacks

Hey folks, Ok so I'm having another issue with SELinux. However I think I'm pretty close to a solution and just need a nudge in the right directtion. I wrote a puppet module that gets systems into bacula backups. Part of the formula is to distribute key/cert pairs with permissions that allow bacula to read them so that bacula can talk to the host over TLS. It's pretty slick, I must

Hi all, I have created a directory /srv with the following SELinux context: system_u:object_r:var_t Now I want to create a subdirectory within /srv which should get a different context. So I tried to set e.g.: semanage fcontext -a -t samba_share_t /srv/samba /sbin/restorecon -v /srv/samba but the context is always reset to: system_u:object_r:var_t What am I missing? Best Regards Marcus

I do not want to disable SELinux at large but only for a directory and its sub-directories. On Fri, Sep 16, 2016 at 8:31 AM, Eddie G. O'Connor Jr. <eoconnor25 at gmail.com > wrote: > Not sure about most others, but I was always told that you never disable > Selina. Of course that is in a business/corporate setting. If it's just > you at home with a few servers? Then

In this wiki article: https://wiki.centos.org/HowTos/SetUpSamba ?there is a command down in section 2 that gives an error here on CentOS 7: $ sudo semanage fcontext ?at samba_share_t /path/to/share ?noise noise noise? semanage: error: unrecognized arguments: samba_share_t /path/to/share That and the following restorecon command can be replaced by a single shorter command, which

Hello everyone, I have a problem with oddjob_mkhomedir on a NFS mount point. The actual context is nfs_t drwxr-xr-x. root root system_u:object_r:nfs_t:s0 users/ With this type, oddjob_mkhomedir cannot do is job of creating home user directories. In the logs, I found about creating a new module with audi2allow and semodule: [root@ audit]# sealert -l fe2d7f60-d3ff-405b-b518-38d0cf021598

On May 4, 2018, at 5:13 PM, Gordon Messmer <gordon.messmer at gmail.com> wrote: > > On 05/04/2018 12:03 PM, Warren Young wrote: >> ?there is a command down in section 2 that gives an error here on CentOS 7: >> >> $ sudo semanage fcontext ?at samba_share_t /path/to/share >> ?noise noise noise? >> semanage: error: unrecognized arguments: