LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-03-2009, 12:01 AM   #1
wesbarris
LQ Newbie
 
Registered: Mar 2009
Distribution: CentOS
Posts: 9

Rep: Reputation: 0
selinux, autofs and samba


Hi,

I am running CentOS 5.2 on our server. I am sharing home directories,
nfs mounted directories, and autofs/nfs mounted directories via samba.
I have run the command "setsebool -P samba_enable_home_dirs on" and
the home directories are being shared via samba successfully. I have
added this context option to /etc/fstab to share an nfs mounted
filesystem via samba successfully:

biodata:/data /data nfs rw,auto,bg,soft,context=system_ubject_r:samba_share_t 0 0

So far everything is good. However, we also have "work" directories
which are automounted. I want to share these as well via samba. I
have added the context option to /etc/auto.master:

/work /etc/auto.work rw,soft,intr,context=system_ubject_r:samba_share_t

I have also added the context information to the auto.work map:

ba -context=system_ubject_r:samba_share_t bioactive:/work-ba

Neither of these things has caused the automounted filesystems to
have files with the proper samba_share_t context. As a result, any
attempt to access these via samba from a Windows client fails. If I
temporarily disable selinux (setenforce 0), samba sharing works for
these automounted shares. So, I'm sure that it is a selinux problem
most likely to do with the file context. I just can't figure out how
to specify the context of an automounted filesystem.

Can anyone help?
 
Old 03-03-2009, 02:36 AM   #2
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Ubuntu, Debian, OS X
Posts: 1,305

Rep: Reputation: 107Reputation: 107
Hi,

As per my knowledge, all samaba shares should have selinux tag, which is set by command

chcon -t samba_share_t /your/samba_share


You can verify this by command
ls -dZ /your/samba_share
 
Old 03-04-2009, 01:16 AM   #3
wesbarris
LQ Newbie
 
Registered: Mar 2009
Distribution: CentOS
Posts: 9

Original Poster
Rep: Reputation: 0
Yes, anything shared via samba should have the context samba_share_t.
The problem is that an automounted filesystem has a context of
system_ubject_r:nfs_t and I am looking for a way to change it.

I can use the command chcon to change the context of the source
files but when those files are accessed via automount their
context is nfs_t. I do not believe that you can change the context
of a file from a mounted filesystem. If I try I get this error
message:

chcon: failed to change context of XXXXX to system_ubject_r:samba_share_t: Operation not supported

As I explained in my original post you can mount an nfs filesystem
and specify the context (which works). I am trying to find a way
to do this with an automounted filesystem.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
SELinux Message when trying automount/autofs louisb Linux - Security 1 07-28-2007 05:27 AM
please help with autofs and automounting samba shares mmoalem Linux - Software 2 03-20-2007 06:03 PM
samba share timeout and autofs phyrko Linux - Software 2 07-06-2006 12:31 PM
samba & autofs (automount) acb67 Linux - Networking 4 06-10-2004 11:57 AM
Mounting samba windoze shares using autofs Rounan Linux - Software 2 12-05-2003 06:08 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:40 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration