I think you should not need samba_export_all_ro/rw if you set samba_share_t on the folder(s) you want to export (as long as the shared folders are not standard directories like /usr). It just makes things too permissive, negating some of the protection SELinux provides by allowing Samba to read/write every file on the system, not just the ones you've labelled samba_share_t. See: https://selinuxproject.org/page/SambaRecipes You may actually need a different fcontext pattern match to cover subdirectories: # semanage fcontext -a -t samba_share_t "/samba(/.*?)" # restorecon -R -v /samba On Sat, Dec 19, 2020 at 11:05:11PM -0500, Mher Mnatsakanyan via WLUG wrote:
I guess I asked this question too early. I figured this out running the following commands and the mount worked on the client side.
# setsebool -P samba_export_all_ro=1 samba_export_all_rw=1 # semanage fcontext -a -t samba_share_t "/samba" # restorecon -v /samba
Respectfully, Mher Mnatsakanyan
On Sat, 19 Dec 2020 at 22:19, Mher Mnatsakanyan <mnatsmher@gmail.com> wrote:
Hi everyone.
I hope everything is well with all of you and yours.
I have a question and need help please.
I installed a Samba server on CentOS8 which works well.
When I try to mount the share from that Samba server on the client side I get a permission denied error. When I set SELinux from Enforcing to Permissive mode it seems to be mounting and the permission denied error goes away. Any suggestions how I can do the same with SELinux enforcing mode?
Thank you very much in advance.
Respectfully, Mher Mnatsakanyan