Bug 169947
Summary: | Need to share nfs mounts via samba | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Orion Poplawski <orion> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED RAWHIDE | Doc Type: | Bug Fix |
Severity: | medium | Priority: | medium |
Version: | 4 | Hardware: | All |
OS: | Linux | Last Closed: | 2006-05-05 15:06:00 UTC |
Description
Orion Poplawski
2005-10-05 16:50:52 UTC
Can you use the context=system_u:object_r:samba_share_t on the nfs mount?

mount -o context=system_u:object_r:samba_share_t server:nfs /mnt/nfs

Is this going to conflict with other possible uses of the nfs mounted directories? Samba is not the primary mode of access. Also, these are done via automount NIS maps shared on all machines, but only on exports via samba. Not sure I want the context to be samba_share_t on all machines...

Yes, this is not a good solution for you. You might want to add r_dir_file(smbd_t, nfs_t) or rw_dir_file(smbd_t, nfs_t) to a local.te file and rebuild policy sources. Then we can bring up a discussion on the general list if this functionality should get into the general policy.

Another thought might be to mount as system_u:object_r:user_home_t since I'm already using use_samba_home_dirs.

Fixed in selinux-policy-*-1.27.1-2.6

Really? What was the fix? I don't see any reference to smbd_t and nfs_t in policy.conf.

Sorry, accidentally grabbed the wrong bugzilla for a global change. Did the user_home_t mount work?

Dan

Well, it breaks kde logins if I mount the nfs home dirs this way:

type=AVC msg=audit(1129664841.283:12): avc: denied { associate } for pid=2828 comm="kdm" name=".Xauthority-c" scontext=system_u:object_r:user_home_t tcontext=system_u:object_r:user_home_t tclass=filesystem
type=AVC msg=audit(1129664846.151:13): avc: denied { associate } for pid=2936 comm="mktemp" name="KDE.startkde.el2936" scontext=user_u:object_r:user_home_t tcontext=system_u:object_r:user_home_t tclass=filesystem
type=AVC msg=audit(1129664846.487:16): avc: denied { associate } for pid=2776 comm="kdm" name=".Xauthority-c" scontext=system_u:object_r:user_home_t tcontext=system_u:object_r:user_home_t tclass=filesystem
type=AVC msg=audit(1129664858.984:22): avc: denied { associate } for pid=2981 comm="kdm" name=".Xauthority-c" scontext=system_u:object_r:user_home_t tcontext=system_u:object_r:user_home_t tclass=filesystem
type=AVC msg=audit(1129664862.228:23): avc: denied { associate } for pid=3086 comm="mktemp" name="KDE.startkde.ml3086" scontext=user_u:object_r:user_home_t tcontext=system_u:object_r:user_home_t tclass=filesystem
type=AVC msg=audit(1129664862.552:26): avc: denied { associate } for pid=2943 comm="kdm" name=".Xauthority-c" scontext=system_u:object_r:user_home_t tcontext=system_u:object_r:user_home_t tclass=filesystem

Haven't tested with samba shares yet...

It also breaks a backup process where I use rsync to backup to an nfs mounted directory:

type=AVC msg=audit(1129717494.234:867): avc: denied { associate } for pid=23019 comm="rsync" name=".yp.colorado-research.com.2.x2RrHD" scontext=system_u:object_r:user_home_t tcontext=system_u:object_r:user_home_t tclass=filesystem

Closing as these have been marked as modified, for a while. Feel free to reopen if not fixed.
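Added example, not part of the bug report or of any Fedora tool: a small Python parser that splits run-together AVC records like the ones quoted in this thread and groups them by source type, target type, class and permission, so it is visible that the kdm, mktemp and rsync denials are the same single denial against the mount's label. The function names are choices made for this example, and the sample is three of the records copied from the comments.

```python
import re
from collections import defaultdict

# Three AVC records copied from the comments above, run together on one
# line the way audit output often ends up when pasted into a report.
SAMPLE = (
    'type=AVC msg=audit(1129664841.283:12): avc: denied { associate } for '
    'pid=2828 comm="kdm" name=".Xauthority-c" '
    'scontext=system_u:object_r:user_home_t '
    'tcontext=system_u:object_r:user_home_t tclass=filesystem '
    'type=AVC msg=audit(1129664846.151:13): avc: denied { associate } for '
    'pid=2936 comm="mktemp" name="KDE.startkde.el2936" '
    'scontext=user_u:object_r:user_home_t '
    'tcontext=system_u:object_r:user_home_t tclass=filesystem '
    'type=AVC msg=audit(1129717494.234:867): avc: denied { associate } for '
    'pid=23019 comm="rsync" name=".yp.colorado-research.com.2.x2RrHD" '
    'scontext=system_u:object_r:user_home_t '
    'tcontext=system_u:object_r:user_home_t tclass=filesystem'
)

# One denial: the permission set in braces, then key=value fields up to the
# next "type=AVC" record header or the end of the text.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*?)'
    r'(?=\s*type=AVC\b|\s*$)', re.S)

def parse_avc(text):
    """Return one dict per AVC denial found in text."""
    records = []
    for m in AVC_RE.finditer(text):
        rec = {"perms": m.group("perms").split()}
        for key, val in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group("fields")):
            rec[key] = val.strip('"')
        # A context is user:role:type[:level]; policy rules use the type.
        rec["stype"] = rec["scontext"].split(":")[2]
        rec["ttype"] = rec["tcontext"].split(":")[2]
        records.append(rec)
    return records

def summarize(records):
    """Map (source type, target type, class, permission) -> commands seen."""
    groups = defaultdict(list)
    for r in records:
        for perm in r["perms"]:
            groups[(r["stype"], r["ttype"], r["tclass"], perm)].append(r["comm"])
    return dict(groups)

if __name__ == "__main__":
    for (s, t, cls, perm), comms in summarize(parse_avc(SAMPLE)).items():
        print(f"{len(comms)}x {s} -> {t}:{cls} {{ {perm} }} from {sorted(set(comms))}")
```
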