Cool

On Sat, 19 Dec 2020 at 23:30, Chuck Anderson via WLUG <wlug@lists.wlug.org> wrote:
I think you should not need samba_export_all_ro/rw if you set
samba_share_t on the folder(s) you want to export (as long as the
shared folders are not standard directories like /usr).  It just makes
things too permissive, negating some of the protection SELinux
provides by allowing Samba to read/write every file on the system, not
just the ones you've labelled samba_share_t.

See:

https://selinuxproject.org/page/SambaRecipes

You may actually need a different fcontext pattern match to cover subdirectories:

# semanage fcontext -a -t samba_share_t "/samba(/.*?)"
# restorecon -R -v /samba


On Sat, Dec 19, 2020 at 11:05:11PM -0500, Mher Mnatsakanyan via WLUG wrote:
> I guess I asked this question too early. I figured this out running the
> following commands and the mount worked on the client side.
>
> # setsebool -P samba_export_all_ro=1 samba_export_all_rw=1
> # semanage fcontext -a -t samba_share_t "/samba"
> # restorecon -v /samba
>
> Respectfully,
> Mher Mnatsakanyan
>
> On Sat, 19 Dec 2020 at 22:19, Mher Mnatsakanyan <mnatsmher@gmail.com> wrote:
>
> > Hi everyone.
> >
> > I hope everything is well  with all of you and yours.
> >
> > I have a question and need help please.
> >
> > I installed a Samba server on CentOS8 which works well.
> >
> > When I try to mount the share from that Samba server on the client side I
> > get a permission denied error. When I set SELinux from Enforcing to
> > Permissive mode it seems to be mounting and the permission denied error
> > goes away. Any suggestions how I can do the same with SELinux enforcing
> > mode?
> >
> > Thank you very much in advance.
> >
> > Respectfully,
> > Mher Mnatsakanyan
_______________________________________________
WLUG mailing list -- wlug@lists.wlug.org
To unsubscribe send an email to wlug-leave@lists.wlug.org
Create Account: https://wlug.mailman3.com/accounts/signup/
Change Settings: https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
Web Forum/Archive: https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org/message/TEJE6WZKH73JQRVA2OEEVME3DUGX27HF/