我们都知道secLinux是Linux的安全模块,之前我做Linux samba共享的时候,都是直接把secLinux直接关掉的,但是这样还是不利于安全。
我也百度过很多,都没有找到的配置seclinux共存的方法。
直到到我看到这篇文章https://www.cnblogs.com/zzyyxxjc/p/4489508.html
但是此文还是有点缺陷,并没能够直接解决
我就直接复制参考原文部分:
#---------------
# SELINUX NOTES:
# 分享群組
# If you want to use the useradd/groupadd family of binaries please run:
# setsebool -P samba_domain_controller on
#
# 分享home目錄
# If you want to share home directories via samba please run:
# setsebool -P samba_enable_home_dirs on
#
# If you create a new directory you want to share you should mark it as
# "samba-share_t" so that selinux will let you write into it.
# Make sure not to do that on system directories as they may already have
# been marked with othe SELinux labels.
#
# Use ls -ldZ /path to see which context a directory has
#
# Set labels only on directories you created!
# To set a label use the following: chcon -t samba_share_t /path
#
# If you need to share a system created directory you can use one of the
# following (read-only/read-write):
# setsebool -P samba_export_all_ro on
# or
# setsebool -P samba_export_all_rw on
#
# If you want to run scripts (preexec/root prexec/print command/...) please
# put them into the /var/lib/samba/scripts directory so that smbd will be
# allowed to run them.
# Make sure you COPY them and not MOVE them so that the right SELinux context
# is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts
英文具体意思我就不翻译了
经过本人测试只有运行了setsebool -P samba_export_all_ro on或者 setsebool -P samba_export_all_rw on
setsebool -P samba_enable_home_dirs on 这个好像并没有什么用
前面是只读 后面是读写
终于就解决的这个问题。