1

SELinux + NTFS Samba share problem/workaround.

asked 2015-01-29 13:03:03 -0500

Alright, I have samba configured and running with selinux. I followed the tutorial listed here: https://ask.fedoraproject.org/en/question/40353/how-to-enable-samba-share-for-a-specific-directory-fedora-20/

Shares mounted at /mnt/data work fine with selinux enabled.

The problem is that another SATA drive I have mounted at /media/MegaDisk (so that it will display in the FileManager sidebar) does not, even after configuring the same way as in the tutorial.

This /media/MegaDisk shares fine with "setenforce 0" so smb.conf, firewall, et al are set up correctly. The problem appears to be isolated to selinux setup.

This drive is NTFS if that makes a difference.

When I run, for example:

sudo semanage fcontext -a -t samba_share_t  /media/MegaDisk/"Library(/.*)?"

the command appears to run and then drop back to the prompt. But following with:

sudo restorecon -R -v /media/MegaDisk/Library/

there are no context labels (which visibly scroll in the terminal for the /mnt/data shares and are also viewable in the FM properties)

So, the samba_share_t label is not being applied to any share on this drive for some reason. Yes I've searched.. and searched... and searched again... I'm probably missing something obvious which is eluding me in plain sight. The first drive was shared properly within minutes.. I've been dealing with the second for a couple of hours now.

Thanks in advance for any tips, pointers, prayers, animal sacrifices, protection spells, etc..


2 Answers

2

answered 2015-01-31 01:36:08 -0500

cgonz31

updated 2015-02-03 22:58:10 -0500

I had the same issue some time ago. Like the previous answer said, NTFS filesystems do not support SELINUX attributes. If you are automatically mounting the SATA drive at boot, it will appear in the fstab file. The solution (while keeping SELINUX enforcing) is to add the following to the SATA drive entry in the fstab file: context=system_u:object_r:samba_share_t:s0

You can use either the terminal with gedit or your favourite text-editor or the gnome-disks GUI. The samba share should work after remounting the drive.

Source: https://www.redhat.com/archives/rhl-list/2009-July/msg00858.html


Comments

This is a good one! Didn't think of this solution when posting my answer. (So this one should be marked as correct answer instead of mine.)

Axel Sommerfeldt ( 2015-01-31 04:38:18 -0500 )

Nice answer!

randomuser ( 2015-01-31 13:10:12 -0500 )

Yeah well, I can't take the credit. When I had the same issue, it took me some serious Googling to find the link I posted. It wasn't my solution but it worked for me.

cgonz31 ( 2015-01-31 13:15:33 -0500 )

yep, this rocks... much appreciated!

critter ( 2015-02-01 12:56:16 -0500 )
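
The fstab change described in the answer above, as an added example that is not part of the original posts: the function appends the context= option to one entry's mount options and leaves an entry that already has it unchanged. The mount point and label come from the thread; the UUIDs, the ntfs-3g type and the other fields in the sample are constructed.

```shell
#!/bin/sh
# Added example: append an SELinux context= mount option to one fstab entry.
# SAMPLE_FSTAB is constructed for illustration; only /media/MegaDisk,
# /mnt/data and the samba_share_t label appear in the thread.

SAMPLE_FSTAB='# constructed sample, not a real /etc/fstab
UUID=1111-AAAA  /mnt/data        ext4     defaults         0 2
UUID=2222-BBBB  /media/MegaDisk  ntfs-3g  defaults,nofail  0 0'

LABEL='system_u:object_r:samba_share_t:s0'

# add_context MOUNTPOINT LABEL
# Reads fstab text on stdin and writes the edited text to stdout.
# Comments, blank lines and other entries pass through untouched. An entry
# that already carries context= is left alone, so re-running is harmless.
# The edited line is re-joined with single spaces (column alignment is lost).
add_context() {
    awk -v mp="$1" -v label="$2" '
        /^[[:space:]]*(#|$)/ { print; next }
        NF >= 4 && $2 == mp && $4 !~ /(^|,)context=/ {
            $4 = $4 ",context=" label      # field 4 holds the mount options
        }
        { print }
    '
}

# Preview the edit on the sample. On a real system, write the output to a
# temporary file, diff it against /etc/fstab before installing it, remount
# the drive, then confirm the label with:  ls -dZ /media/MegaDisk
printf '%s\n' "$SAMPLE_FSTAB" | add_context /media/MegaDisk "$LABEL"
```

With context= every file on that mount gets the same label, so smbd is allowed by SELinux to reach the whole drive and not only the shared directory; what is actually exported is then limited by smb.conf and file permissions.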
0

answered 2015-01-29 15:04:33 -0500

Axel Sommerfeldt

updated 2015-01-31 03:54:20 -0500

AFAIK you can't add SELinux contexts to a NTFS file system.


Comments

Thanks. That would explain it. I'm not yet familiar enough with settings, quirks, etc. Perhaps there's a workaround other than tossing it out completely with setenforce 0.

critter ( 2015-01-29 16:49:49 -0500 )
1

I think that semanage permissive -a smbd_t, ie don't police samba, is probably your second best option. Using a compatible filesystem is a better option.

randomuser ( 2015-01-29 17:21:56 -0500 )

That works well for this purpose. Yeah, a compatible filesystem would be the ideal solution. The combination of TB's of data and the "ahh.. god this is gonna take foreever" factors make procrastination an attractive alternative. :-)

I'll edit the thread title to better reflect the situation.

critter ( 2015-01-30 10:11:12 -0500 )

Stats

Asked: 2015-01-29 13:03:03 -0500

Seen: 1,325 times

Last updated: Feb 03 '15