01-11-2008, 12:06 AM
Dan Thurman

Problem with samba mounts via fstab and credentials option

When one adds a samba share via /etc/fstab and using as an entry:

credentials=/etc/share/auth.smb in the options field

This file contains sensitive username/password data, has a samba_etc_t type
but on reboot, SELinux does not allow the mount.cifs program to read fstab
entries containing the credentials mount options and produces an error 13
message during the loading of the services. The result is that the mount has
failed and must be remounted manually as a root user after the system comes
up.

The logs show:

type=AVC msg=audit(1200012700.796:14): avc: denied { read } for
pid=2528 comm="mount.cifs" name="auth.smb" dev=sda5 ino=788340
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:samba_etc_t:s0 tclass=file

Should I simply attempt to chcon -t mount_t /etc/samba.auth.smb or should this
be handled differently?

Thanks-
Dan

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
01-11-2008, 12:48 AM
Dan Thurman

Problem with samba mounts via fstab and credentials option

On Thursday 10 January 2008 05:06:51 pm Daniel B. Thurman wrote:
> When one adds a samba share via /etc/fstab and using as an entry:
> credentials=/etc/share/auth.smb in the options field
> This file contains sensitive username/password data, has a samba_etc_t type
> but on reboot, SELinux does not allow the mount.cifs program to read fstab
> entries containing the credentials mount options and produces an error 13
> message during the loading of the services. The result is that the mount
> has failed and must be remounted manually as a root user after the system
> comes up.
> The logs show:
> type=AVC msg=audit(1200012700.796:14): avc: denied { read } for
> pid=2528 comm="mount.cifs" name="auth.smb" dev=sda5 ino=788340
> scontext=system_u:system_r:mount_t:s0
> tcontext=system_u:object_r:samba_etc_t:s0 tclass=file
> Should I simply attempt to chcon -t mount_t /etc/samba.auth.smb or should
> this be handled differently?
> Thanks-
> Dan

Oops. It should have said: /etc/samba/auth.smb


 
01-11-2008, 09:07 AM
Paul Howarth

Problem with samba mounts via fstab and credentials option

Dan Thurman wrote:
> On Thursday 10 January 2008 05:06:51 pm Daniel B. Thurman wrote:
> > When one adds a samba share via /etc/fstab and using as an entry:
> > credentials=/etc/share/auth.smb in the options field
> > This file contains sensitive username/password data, has a samba_etc_t type
> > but on reboot, SELinux does not allow the mount.cifs program to read fstab
> > entries containing the credentials mount options and produces an error 13
> > message during the loading of the services. The result is that the mount
> > has failed and must be remounted manually as a root user after the system
> > comes up.
> > The logs show:
> > type=AVC msg=audit(1200012700.796:14): avc: denied { read } for
> > pid=2528 comm="mount.cifs" name="auth.smb" dev=sda5 ino=788340
> > scontext=system_u:system_r:mount_t:s0
> > tcontext=system_u:object_r:samba_etc_t:s0 tclass=file
> > Should I simply attempt to chcon -t mount_t /etc/samba.auth.smb or should
> > this be handled differently?
> > Thanks-
> > Dan
>
> Oops. It should have said: /etc/samba/auth.smb


Try setting the allow_mount_anyfile boolean.

# setsebool -P allow_mount_anyfile 1

Paul.
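
Added example, not part of the original thread or of any poster's message: a Python parser for the AVC record quoted above that extracts the source domain, target type, object class and permissions and prints the single type-enforcement rule the denial corresponds to (the kind of rule audit2allow derives from such a record). The sample line is the thread's denial joined onto one line, with the target context written as system_u:object_r:samba_etc_t:s0; the function names are hypothetical.

```python
import re

# Constructed sample: the denial quoted in the thread, joined onto one line.
SAMPLE = ('type=AVC msg=audit(1200012700.796:14): avc: denied { read } for '
          'pid=2528 comm="mount.cifs" name="auth.smb" dev=sda5 ino=788340 '
          'scontext=system_u:system_r:mount_t:s0 '
          'tcontext=system_u:object_r:samba_etc_t:s0 tclass=file')

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
PAIR_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Return the type field of user:role:type[:level], or None if malformed."""
    parts = context.split(':', 3)  # the MLS level may itself contain ':'
    return parts[2] if len(parts) >= 3 and all(parts[:3]) else None


def parse_avc(line):
    """Parse one AVC denial into a dict; None if it is not a usable denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    avc = {k: v.strip('"') for k, v in PAIR_RE.findall(m.group('rest'))}
    avc['perms'] = m.group('perms').split()
    avc['source'] = selinux_type(avc.get('scontext', ''))
    avc['target'] = selinux_type(avc.get('tcontext', ''))
    if not (avc['perms'] and avc['source'] and avc['target']
            and avc.get('tclass')):
        return None
    return avc


def te_rule(avc):
    """Format the allow rule that matches exactly this denial."""
    perms = avc['perms']
    perm_text = perms[0] if len(perms) == 1 else '{ %s }' % ' '.join(perms)
    return 'allow %s %s:%s %s;' % (
        avc['source'], avc['target'], avc['tclass'], perm_text)


if __name__ == '__main__':
    avc = parse_avc(SAMPLE)
    print(avc['comm'], 'denied', avc['perms'], 'on', avc['name'])
    print(te_rule(avc))
```

The printed rule names one source domain, one target type and one permission, which shows exactly what access the denial is about when weighing a proposed fix.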

All times are GMT.