[CentOS] Can an ISO be specified allow mount "setsebool -P allow_mount_iso=1" insted of "setsebool -P allow_mount_anyfile=1" SE context samba share

[Frank Murphy]

On Sun, 2008-07-13 at 11:49 -0400, Filipe Brandenburger wrote:
> Hi,
> 
> Please try to be more specific about what you are trying to do, how
> you are trying to do it, what you expected, what is going wrong, and
> what you tried to do to repair it. Your previous mail looks like the
> output of a tool, I don't even know which. Knowing that would help
> solve your issue.

tool: setroubleshoot.noarch :: gui helps solve selinux problesm either
Redhat\Fedora epel or rpmforge d\l

> 
> >From what I see, you are trying to mount an .iso file in a target
> directory inside Samba's tree, and SELinux is denying that (with the
> AVC you showed on your original message).

The 4 isos are shared to Fedora clients using samba, everyfile under the
shared main mountpoint has SElinux samba shared context.


> 
> SELinux complains because the target directory is not marked with the
> "mnt_t" type and, for security, it restricts mounting filesystems only
> to directories with that type.
> 

That is probably what I'm looking for

> To change that, you could use "chcon" to set the type to the directory
> where you want to mount your iso.
> 
> # chcon -t mnt_t /path/to/mountpoint
> # mount -o loop,ro /path/to/iso/Fedora.iso /path/to/mountpoint
> 
> You can use ls -Z (or if it's a directory ls -dZ) to verify the
> SELinux user:role:type of the file.
> 
> Please let us know how that works for you.
> 

Will give a good check in the am.

> HTH,
> Filipe

Frank