In this wiki article:
https://wiki.centos.org/HowTos/SetUpSamba
…there is a command down in section 2 that gives an error here on CentOS 7:
$ sudo semanage fcontext –at samba_share_t /path/to/share …noise noise noise… semanage: error: unrecognized arguments: samba_share_t /path/to/share
That and the following restorecon command can be replaced by a single shorter command, which also fixes the symptom:
$ sudo chcon -R -t samba_share_t /path/to/share
On Fri, May 4, 2018 at 12:03 PM, Warren Young warren@etr-usa.com wrote:
In this wiki article:
https://wiki.centos.org/HowTos/SetUpSamba
…there is a command down in section 2 that gives an error here on CentOS 7:
$ sudo semanage fcontext –at samba_share_t /path/to/share …noise noise noise… semanage: error: unrecognized arguments: samba_share_t /path/to/shareThat and the following restorecon command can be replaced by a single shorter command, which also fixes the symptom:
$ sudo chcon -R -t samba_share_t /path/to/share
Updated the page as suggested. Thanks.
Akemi
On May 4, 2018, at 3:03 PM, Akemi Yagi amyagi@gmail.com wrote:
On Fri, May 4, 2018 at 12:03 PM, Warren Young warren@etr-usa.com wrote:
$ sudo chcon -R -t samba_share_t /path/to/share
Updated the page as suggested. Thanks.
Thanks!
I now see another instance of this in section 3. Instead of copying the text verbatim, it should probably be:
chcon -R -t samba_share_t /mnt/data
…in order to match the text above it.
On Fri, May 4, 2018 at 2:26 PM, Warren Young warren@etr-usa.com wrote:
On May 4, 2018, at 3:03 PM, Akemi Yagi amyagi@gmail.com wrote:
On Fri, May 4, 2018 at 12:03 PM, Warren Young warren@etr-usa.com wrote:
$ sudo chcon -R -t samba_share_t /path/to/share
Updated the page as suggested. Thanks.
Thanks!
I now see another instance of this in section 3. Instead of copying the text verbatim, it should probably be:
chcon -R -t samba_share_t /mnt/data…in order to match the text above it.
Warren,
I was just informed that the chcon command your suggested was originally there, but it was replaced with the 2 line version sometime ago. The reason given was "Replace chcon by semanage/restorecon pair to survive filesystem relabel".
What do you think?
Akemi
On Fri, 2018-05-04 at 14:55 -0700, Akemi Yagi wrote:
On Fri, May 4, 2018 at 2:26 PM, Warren Young warren@etr-usa.com wrote:
On May 4, 2018, at 3:03 PM, Akemi Yagi amyagi@gmail.com wrote:
On Fri, May 4, 2018 at 12:03 PM, Warren Young <warren@etr-usa.com
wrote:
$ sudo chcon -R -t samba_share_t /path/to/share
Updated the page as suggested. Thanks.
Thanks!
I now see another instance of this in section 3. Instead of copying the text verbatim, it should probably be:
chcon -R -t samba_share_t /mnt/data…in order to match the text above it.
Warren,
I was just informed that the chcon command your suggested was originally there, but it was replaced with the 2 line version sometime ago. The reason given was "Replace chcon by semanage/restorecon pair to survive filesystem relabel".
The comment is correct: chcon will not survive a relabel. You need to update the database first (semanage fcontext) and then let a relabel apply the new context.
Louis
On Fri, May 4, 2018 at 3:11 PM, Louis Lagendijk louis@fazant.net wrote:
On Fri, 2018-05-04 at 14:55 -0700, Akemi Yagi wrote:
On Fri, May 4, 2018 at 2:26 PM, Warren Young warren@etr-usa.com wrote:
On May 4, 2018, at 3:03 PM, Akemi Yagi amyagi@gmail.com wrote:
On Fri, May 4, 2018 at 12:03 PM, Warren Young <warren@etr-usa.com
wrote:
$ sudo chcon -R -t samba_share_t /path/to/share
Updated the page as suggested. Thanks.
Thanks!
I now see another instance of this in section 3. Instead of copying the text verbatim, it should probably be:
chcon -R -t samba_share_t /mnt/data…in order to match the text above it.
Warren,
I was just informed that the chcon command your suggested was originally there, but it was replaced with the 2 line version sometime ago. The reason given was "Replace chcon by semanage/restorecon pair to survive filesystem relabel".
The comment is correct: chcon will not survive a relabel. You need to update the database first (semanage fcontext) and then let a relabel apply the new context.
Louis
Thanks for the input. Reverted the change.
Akemi
On May 4, 2018, at 4:11 PM, Louis Lagendijk louis@fazant.net wrote:
The comment is correct: chcon will not survive a relabel. You need to update the database first (semanage fcontext) and then let a relabel apply the new context.
Alright, then why do I get that error when I give the command from this morning’s wiki text, and how do I avoid it?
On 05/04/2018 04:05 PM, Warren Young wrote:
On May 4, 2018, at 4:11 PM, Louis Lagendijk louis@fazant.net wrote:
The comment is correct: chcon will not survive a relabel. You need to update the database first (semanage fcontext) and then let a relabel apply the new context.
Alright, then why do I get that error when I give the command from this morning’s wiki text, and how do I avoid it?
# od -c sudo semanage fcontext –at samba_share_t /path/to/share 0000000 s u d o s e m a n a g e f c 0000020 o n t e x t 342 200 223 a t s a m 0000040 b a _ s h a r e _ t / p a t h 0000060 / t o / s h a r e \n
You get the error because that isn't a hyphen, it's an en-dash. Someone probably copied and pasted from Word.
On May 5, 2018, at 12:04 AM, Gordon Messmer gordon.messmer@gmail.com wrote:
On 05/04/2018 04:05 PM, Warren Young wrote:
On May 4, 2018, at 4:11 PM, Louis Lagendijk louis@fazant.net wrote:
The comment is correct: chcon will not survive a relabel. You need to update the database first (semanage fcontext) and then let a relabel apply the new context.
Alright, then why do I get that error when I give the command from this morning’s wiki text, and how do I avoid it?
# od -c sudo semanage fcontext –at samba_share_t /path/to/share 0000000 s u d o s e m a n a g e f c 0000020 o n t e x t 342 200 223 a t s a m 0000040 b a _ s h a r e _ t / p a t h 0000060 / t o / s h a r e \n
You get the error because that isn't a hyphen, it's an en-dash. Someone probably copied and pasted from Word.
The formatting is from my mailer. The paste into the terminal wouldn’t have been affected.
And again, the chcon command succeeded, with the same type name, copied from the same source by the same method.
On 05/04/2018 11:15 PM, Warren Young wrote:
On May 5, 2018, at 12:04 AM, Gordon Messmer gordon.messmer@gmail.com wrote:
On 05/04/2018 04:05 PM, Warren Young wrote:
Alright, then why do I get that error when I give the command from this morning’s wiki text, and how do I avoid it?
You get the error because that isn't a hyphen, it's an en-dash. Someone probably copied and pasted from Word.
The formatting is from my mailer. The paste into the terminal wouldn’t have been affected. And again, the chcon command succeeded, with the same type name, copied from the same source by the same method.
The only way I can get semanage to output the error you reported is if that command is run with an en-dash instead of a hyphen. I'm really pretty confident that it was an en-dash when you ran the command.
The command works when it's run with a hyphen, and it will print a different error if there is any other type of usage error I've tested.
On 05/04/2018 12:03 PM, Warren Young wrote:
…there is a command down in section 2 that gives an error here on CentOS 7:
$ sudo semanage fcontext –at samba_share_t /path/to/share …noise noise noise… semanage: error: unrecognized arguments: samba_share_t /path/to/share
What is "noise" exactly? I don't get errors from that command:
# semanage fcontext -at samba_share_t /srv/samba #
That and the following restorecon command can be replaced by a single shorter command, which also fixes the symptom:
As others pointed out, chcon is not a replacement for registering a persistent file context.
On May 4, 2018, at 5:13 PM, Gordon Messmer gordon.messmer@gmail.com wrote:
On 05/04/2018 12:03 PM, Warren Young wrote:
…there is a command down in section 2 that gives an error here on CentOS 7:
$ sudo semanage fcontext –at samba_share_t /path/to/share …noise noise noise… semanage: error: unrecognized arguments: samba_share_t /path/to/shareWhat is "noise" exactly? I don't get errors from that command:
The full message is:
usage: semanage [-h]
{import,export,login,user,port,interface,module,node,fcontext,boolean,permissive,dontaudit} ... semanage: error: unrecognized arguments: samba_share_t '/path/to/share(/.*)?'
On 4 May 2018 at 19:49, Warren Young warren@etr-usa.com wrote:
On May 4, 2018, at 5:13 PM, Gordon Messmer gordon.messmer@gmail.com wrote:
On 05/04/2018 12:03 PM, Warren Young wrote:
…there is a command down in section 2 that gives an error here on
CentOS 7:
$ sudo semanage fcontext –at samba_share_t /path/to/share …noise noise noise… semanage: error: unrecognized arguments: samba_share_t/path/to/share
What is "noise" exactly? I don't get errors from that command:
The full message is:
usage: semanage [-h] {import,export,login,user,port,interface,module,node,fcontext,boolean,permissive,dontaudit} ... semanage: error: unrecognized arguments: samba_share_t '/path/to/share(/.*)?'
You can check the labels using seinfo -t, below is what I had for samba
samba_etc_t samba_initrc_exec_t samba_log_t samba_net_exec_t samba_net_t samba_net_tmp_t samba_secrets_t samba_share_t samba_spool_t samba_unconfined_net_t samba_unconfined_script_exec_t samba_unconfined_script_t samba_unit_file_t samba_var_t sambagui_exec_t sambagui_t
I tried a few boxes and I don't get that error
On May 4, 2018, at 6:35 PM, Earl A Ramirez earlaramirez@gmail.com wrote:
You can check the labels using seinfo -t, below is what I had for samba
I’m away from work now, so I can’t check it at the moment, but if that explained the problem, wouldn’t my chcon command also have failed? Clearly the SELinux type samba_share_t does exist on my CentOS 7 machine.
-
Akemi Yagi -
Earl A Ramirez -
Gordon Messmer -
Louis Lagendijk -
Warren Young