Samba HOWTO Wiki Bug: Chcon Samba_share_t

Home » CentOS » Samba HOWTO Wiki Bug: Chcon Samba_share_t
CentOS 13 Comments

In this wiki article:

https://wiki.CentOS.org/HowTos/SetUpSamba

…there is a command down in section 2 that gives an error here on CentOS 7:

$ sudo semanage fcontext –at samba_share_t /path/to/share
…noise noise noise…
semanage: error: unrecognized arguments: samba_share_t /path/to/share

That and the following restorecon command can be replaced by a single shorter command, which also fixes the symptom:

$ sudo chcon -R -t samba_share_t /path/to/share

13 thoughts on - Samba HOWTO Wiki Bug: Chcon Samba_share_t

  • Thanks!

    I now see another instance of this in section 3. Instead of copying the text verbatim, it should probably be:

    chcon -R -t samba_share_t /mnt/data

    …in order to match the text above it.

  • Warren,

    I was just informed that the chcon command your suggested was originally there, but it was replaced with the 2 line version sometime ago. The reason given was “Replace chcon by semanage/restorecon pair to survive filesystem relabel”.

    What do you think?

    Akemi

  • The comment is correct: chcon will not survive a relabel. You need to update the database first (semanage fcontext) and then let a relabel apply the new context.

    Louis

  • Alright, then why do I get that error when I give the command from this morning’s wiki text, and how do I avoid it?

  • What is “noise” exactly?  I don’t get errors from that command:

    # semanage fcontext -at samba_share_t /srv/samba
    #

    As others pointed out, chcon is not a replacement for registering a persistent file context.

  • The full message is:

    usage: semanage [-h]

    {import,export,login,user,port,interface,module,node,fcontext,boolean,permissive,dontaudit}

    semanage: error: unrecognized arguments: samba_share_t ‘/path/to/share(/.*)?’

  • You can check the labels using seinfo -t, below is what I had for samba

    samba_etc_t
    samba_initrc_exec_t
    samba_log_t
    samba_net_exec_t
    samba_net_t
    samba_net_tmp_t
    samba_secrets_t
    samba_share_t
    samba_spool_t
    samba_unconfined_net_t
    samba_unconfined_script_exec_t
    samba_unconfined_script_t
    samba_unit_file_t
    samba_var_t
    sambagui_exec_t
    sambagui_t

    I tried a few boxes and I don’t get that error


    Kind Regards Earl Ramirez

  • I’m away from work now, so I can’t check it at the moment, but if that explained the problem, wouldn’t my chcon command also have failed? Clearly the SELinux type samba_share_t does exist on my CentOS 7 machine.

  • # od -c sudo semanage fcontext –at samba_share_t /path/to/share
    0000000   s   u   d   o       s   e   m   a   n   a   g   e f   c
    0000020   o   n   t   e   x   t     342 200 223   a   t       s a   m
    0000040   b   a   _   s   h   a   r   e   _   t       /   p   a t   h
    0000060   /   t   o   /   s   h   a   r   e  \n

    You get the error because that isn’t a hyphen, it’s an en-dash. Someone probably copied and pasted from Word.

  • The formatting is from my mailer. The paste into the terminal wouldn’t have been affected.

    And again, the chcon command succeeded, with the same type name, copied from the same source by the same method.

  • The only way I can get semanage to output the error you reported is if that command is run with an en-dash instead of a hyphen.  I’m really pretty confident that it was an en-dash when you ran the command.

    The command works when it’s run with a hyphen, and it will print a different error if there is any other type of usage error I’ve tested.