Hi everyone, when setting up ceph fs (using reef) on my system, I have noticed that there is an issue with an SELinux environment for an smb-gateway:
SELinux requires samba shares to be of type samba_share_t. While this can be achieved with e.g. chcon on the mounted ceph fs (since it supports xattr), it is not possible to assign an SELinux type to the .snap subfolder, since it is read-only. Therefore, Is -lZ .snap returns a question mark, and samba access results in an access denied error to the type "unlabeled_t". While it is possible (as a workaround) to implement a rule that allows samba to access folders of "unlabeled_t", I think a proper solution would be to assign a label to the .snap folder as well. For samba, accessing the .snap folder is essential in order to enable "previous versions" functionality of the Windows Explorer with the samba shadow_copy2 vfs, as it can be found in a couple of youtube tutorials covering ceph fs + samba. How could this be done? Thanks, sophonet _______________________________________________ ceph-users mailing list -- ceph-users@ceph.io To unsubscribe send an email to ceph-users-le...@ceph.io
