OK, details first:
FC11 w/2.6.30
Key services:
NFS (for Macs in the house)
SAMBA (for Win / trying to export NFS to home network as well)
SELinux: Default policy as shipped with FC11
IPTables: Nothing but the basic FC11-generated file using 'firewall' via the KDE GUI.
OK, so here is my problem: I was having issues exporting Samba and NFS shares AFTER allowing both services via iptables (checked the actual file for ACCEPT entries) and running:
Code:
sudo chcon -t samba_share_t /media/storage/albums
sudo setsebool -P samba_export_all_ro on
The odd thing was an error generated after running chcon of "operation not supported", which makes me wonder if Fedora has another way of tagging.
I was able to get everything up and running eventually; however, I am still getting a lot of AVC denials (mistagged files) after retagging at reboot.
Users are being put into unconfined_u by default (which, from what I have been reading, kinda mitigates any advantages of running SELinux). I could use some pointers or a point in the right direction on which way to go with user levels in SELinux, as well as addressing the TONZ of AVC denials after retag.
Thanks for any help. I could post some examples of the audit if it would help. I am just getting used to setting up iptables and account permissions and WHAM... SELinux.
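
For triaging a large volume of AVC denials like the ones described in the post above, here is an added example (not part of the original post) that groups denial records by process, source type, target type, object class and permissions, then lists the target types that are not the expected share label. The audit records are constructed samples, and the function names and the default `smbd_t` / `samba_share_t` arguments are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample audit records (not taken from the poster's system).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1251000001.101:301): avc:  denied  { write } for  pid=2101 comm="smbd" name="a.jpg" dev=sdb1 ino=1201 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1251000002.102:302): avc:  denied  { write } for  pid=2101 comm="smbd" name="b.jpg" dev=sdb1 ino=1202 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1251000003.103:303): avc:  denied  { write add_name } for  pid=2101 comm="smbd" name="albums" dev=sdb1 ino=1200 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=SYSCALL msg=audit(1251000003.103:303): arch=c000003e syscall=83 success=no exit=-13 comm="smbd"
type=AVC msg=audit(1251000004.104:304): avc:  denied  { write } for  pid=2101 comm="smbd" name="storage" dev=sdb1 ino=1100 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:mnt_t:s0 tclass=dir
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?comm="(?P<comm>[^"]+)"'
    r'.*?scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def summarize_denials(log_text):
    """Count denials grouped by (comm, source type, target type, class, perms)."""
    counts = Counter()
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # skip SYSCALL and other record types
        m = AVC_RE.search(line)
        if m is None:
            continue  # not a denial record in the expected layout
        perms = " ".join(sorted(m.group("perms").split()))
        key = (m.group("comm"), context_type(m.group("scon")),
               context_type(m.group("tcon")), m.group("tclass"), perms)
        counts[key] += 1
    return counts

def mislabeled_targets(counts, domain="smbd_t", expected="samba_share_t"):
    """Target types the domain was denied on that differ from the expected label."""
    return sorted({k[2] for k in counts if k[1] == domain and k[2] != expected})

if __name__ == "__main__":
    summary = summarize_denials(SAMPLE_AUDIT_LOG)
    for key, n in summary.most_common():
        print(n, *key)
    print("unexpected target types:", mislabeled_targets(summary))
```

On a real system the input would be the text of /var/log/audit/audit.log rather than the embedded sample.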