Cool On Sat, 19 Dec 2020 at 23:30, Chuck Anderson via WLUG <wlug@lists.wlug.org> wrote:
I think you should not need samba_export_all_ro/rw if you set samba_share_t on the folder(s) you want to export (as long as the shared folders are not standard directories like /usr). It just makes things too permissive, negating some of the protection SELinux provides by allowing Samba to read/write every file on the system, not just the ones you've labelled samba_share_t.
See:
https://selinuxproject.org/page/SambaRecipes
You may actually need a different fcontext pattern match to cover subdirectories:
# semanage fcontext -a -t samba_share_t "/samba(/.*?)" # restorecon -R -v /samba
On Sat, Dec 19, 2020 at 11:05:11PM -0500, Mher Mnatsakanyan via WLUG wrote:
I guess I asked this question too early. I figured this out running the following commands and the mount worked on the client side.
# setsebool -P samba_export_all_ro=1 samba_export_all_rw=1 # semanage fcontext -a -t samba_share_t "/samba" # restorecon -v /samba
Respectfully, Mher Mnatsakanyan
On Sat, 19 Dec 2020 at 22:19, Mher Mnatsakanyan <mnatsmher@gmail.com> wrote:
Hi everyone.
I hope everything is well with all of you and yours.
I have a question and need help please.
I installed a Samba server on CentOS8 which works well.
When I try to mount the share from that Samba server on the client side I get a permission denied error. When I set SELinux from Enforcing to Permissive mode it seems to be mounting and the permission denied error goes away. Any suggestions how I can do the same with SELinux enforcing mode?
Thank you very much in advance.
Respectfully, Mher Mnatsakanyan
WLUG mailing list -- wlug@lists.wlug.org To unsubscribe send an email to wlug-leave@lists.wlug.org Create Account: https://wlug.mailman3.com/accounts/signup/ Change Settings: https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/ Web Forum/Archive: https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org/message/TEJE6W...