Samba and SELinux

In a previous post, I mentioned that you can keep selinux enabled to keep your system a bit more secure, by applying a label to your system.  For example, with a Samba share, you might do this:

chcon -R -t samba_share_t /srv/exports/backups

This labels (recursively) the /srv/exports/backups share as a samba share.

But this change wont persist across a filesystem relabel.  So, we have to do this:

semanage fcontext -a -t samba_share_t ’/srv/exports/backups(/.*)?’
restorecon -R -v /srv/exports/backups

For more tips and more options, see http://danwalsh.livejournal.com/14195.html .