Welcome to the most active Linux Forum on the web.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 03-03-2009, 12:01 AM   #1
LQ Newbie
Registered: Mar 2009
Distribution: CentOS
Posts: 9

Rep: Reputation: 0
selinux, autofs and samba


I am running CentOS 5.2 on our server. I am sharing home directories,
nfs mounted directories, and autofs/nfs mounted directories via samba.
I have run the command "setsebool -P samba_enable_home_dirs on" and
the home directories are being shared via samba successfully. I have
added this context option to /etc/fstab to share an nfs mounted
filesystem via samba successfully:

biodata:/data /data nfs rw,auto,bg,soft,context=system_ubject_r:samba_share_t 0 0

So far everything is good. However, we also have "work" directories
which are automounted. I want to share these as well via samba. I
have added the context option to /etc/auto.master:

/work /etc/ rw,soft,intr,context=system_ubject_r:samba_share_t

I have also added the context information to the map:

ba -context=system_ubject_r:samba_share_t bioactive:/work-ba

Neither of these things has caused the automounted filesystems to
have files with the proper samba_share_t context. As a result, any
attempt to access these via samba from a Windows client fails. If I
temporarily disable selinux (setenforce 0), samba sharing works for
these automounted shares. So, I'm sure that it is a selinux problem
most likely to do with the file context. I just can't figure out how
to specify the context of an automounted filesystem.

Can anyone help?
Old 03-03-2009, 02:36 AM   #2
Senior Member
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Ubuntu, Debian, OS X
Posts: 1,305

Rep: Reputation: 107Reputation: 107

As per my knowledge, all samaba shares should have selinux tag, which is set by command

chcon -t samba_share_t /your/samba_share

You can verify this by command
ls -dZ /your/samba_share
Old 03-04-2009, 01:16 AM   #3
LQ Newbie
Registered: Mar 2009
Distribution: CentOS
Posts: 9

Original Poster
Rep: Reputation: 0
Yes, anything shared via samba should have the context samba_share_t.
The problem is that an automounted filesystem has a context of
system_ubject_r:nfs_t and I am looking for a way to change it.

I can use the command chcon to change the context of the source
files but when those files are accessed via automount their
context is nfs_t. I do not believe that you can change the context
of a file from a mounted filesystem. If I try I get this error

chcon: failed to change context of XXXXX to system_ubject_r:samba_share_t: Operation not supported

As I explained in my original post you can mount an nfs filesystem
and specify the context (which works). I am trying to find a way
to do this with an automounted filesystem.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
SELinux Message when trying automount/autofs louisb Linux - Security 1 07-28-2007 05:27 AM
please help with autofs and automounting samba shares mmoalem Linux - Software 2 03-20-2007 06:03 PM
samba share timeout and autofs phyrko Linux - Software 2 07-06-2006 12:31 PM
samba & autofs (automount) acb67 Linux - Networking 4 06-10-2004 11:57 AM
Mounting samba windoze shares using autofs Rounan Linux - Software 2 12-05-2003 06:08 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:40 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration