mounting windows share on local machine via samba – fixing selinux

if you are running selinux, you get this error

SELinux is preventing samba (smbd) "getattr" to /mnt/blarblar (cifs_t). For complete SELinux messages. run sealert -l e523015e-150a-4736-80c1-c7a40af6d396"

In fstab, we need to mount samba with the right context like so:

// /mnt/blarblar  cifs domain=MYDOMAIN,user=backupservice,password=blarblar,context=system_u:object_r:samba_share_t:s0 0 0

or using command line, remember to use the right context

mount --context="system_u:object_r:samba_share_t:s0"

I found the “samba_selinux” man page useful.

selinux relabeling error

when you disable and enable selinux, it relabels the files upon start up. There seems to be a bug where sometimes selinux relabel the files wrongly. I once got the fcontext of all the files under /sbin and /bin as boot_t. This can create serious problems… worst than you can imagine. I can’t even ssh into the server!

the fix is the “fixfiles relabel /”, then restorecon when necessary.