Just tried the new Fedora 10 on my PC. The problem is that I want to export all my NTFS drives on F10 via Samba, so that any machine can still access my files even though I am not on Windows. NTFS-3G works quite well and setting up Samba is no longer a problem. Of course, the firewall must be adjusted to allow the Samba protocol. Firestarter is a nice application for simple things such as allowing a specific port, a feat that actually requires several rules in the iptables config to efficiently permit the protocol.
At that point, I was able to export my home directory via Samba, and all NTFS drives could be read and written locally. However, whenever someone over the network tried to write something on the Samba NTFS share, an AVC happened, i.e., SELinux was preventing the write.
Checking the audit log yields something like this:
node=raman type=AVC msg=audit(1229096296.441:676): avc: denied { write } for pid=8484 comm="smbd" name="dae" dev=sda5 ino=29 scontext=unconfined_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
node=raman type=SYSCALL msg=audit(1229096296.441:676): arch=c000003e syscall=83 success=no exit=-13 a0=7f4aa5524b50 a1=1ed a2=7f4aa54dbd70 a3=2f31a70 items=0 ppid=8210 pid=8484 auid=500 uid=0 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="smbd" exe="/usr/sbin/smbd" subj=unconfined_u:system_r:smbd_t:s0 key=(null)
The SETroubleShooter said that to allow such access, I have to:
chcon -R -t samba_share_t
but, of course, that is not of much help because the directory is actually the NTFS directory. After googling around, it turns out we just need to tell SELinux that we really trust Samba to share the FUSE file system, which is used by NTFS-3G, the NTFS driver for Linux. The following command simply solves all the problems:
setsebool -P samba_share_fusefs 1
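Reading the denial field by field shows why the boolean, not a relabel, is what matters here: the source type is smbd_t and the target type is fusefs_t. The following is an added example, not part of the original post: a small Python parser that joins the AVC and SYSCALL records by their shared event id. The function names and the BOOLEANS table are this example's own, and the table holds only the pairing the post gives.

```python
import errno
import re

# Sample input: the post's AVC record and its SYSCALL record, the latter trimmed by this example.
SAMPLE = (
    'node=raman type=AVC msg=audit(1229096296.441:676): avc: denied { write } '
    'for pid=8484 comm="smbd" name="dae" dev=sda5 ino=29 '
    'scontext=unconfined_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir\n'
    'node=raman type=SYSCALL msg=audit(1229096296.441:676): arch=c000003e syscall=83 '
    'success=no exit=-13 pid=8484 comm="smbd" exe="/usr/sbin/smbd" key=(null)\n'
)

EVENT_RE = re.compile(r'msg=audit\(([\d.]+:\d+)\)')
PERMS_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# The one (source type, target type) -> boolean pairing the post gives.
BOOLEANS = {('smbd_t', 'fusefs_t'): 'samba_share_fusefs'}

def parse_record(line):
    """Turn one audit record into a dict, adding its event id and denied perms."""
    event = EVENT_RE.search(line)
    if event is None:
        raise ValueError('not an audit record: %r' % line[:40])
    rec = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    perms = PERMS_RE.search(line)
    rec['event'] = event.group(1)
    rec['perms'] = perms.group(1).split() if perms else []
    return rec

def denials(text):
    """Join AVC and SYSCALL records sharing an event id into one summary each."""
    events = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        rec = parse_record(line)
        events.setdefault(rec['event'], {})[rec['type']] = rec
    out = []
    for event, recs in events.items():
        if 'AVC' not in recs:
            continue
        avc, sc = recs['AVC'], recs.get('SYSCALL', {})
        src, tgt = (avc[k].split(':')[2] for k in ('scontext', 'tcontext'))
        code = int(sc.get('exit', 0))  # negative exit is -errno
        out.append({'event': event, 'perms': avc['perms'], 'source_type': src,
                    'target_type': tgt, 'tclass': avc['tclass'],
                    'exe': sc.get('exe'),
                    'errno': errno.errorcode.get(-code) if code < 0 else None,
                    'boolean': BOOLEANS.get((src, tgt))})
    return out
```

Calling `denials(SAMPLE)` returns one summary for event 1229096296.441:676, with `exit=-13` decoded as EACCES.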