I recently upgraded to Leap 16.0 and still have a bit to learn. In this case it is how samba shares work when I am using Dolphin to move the files from my ~/Downloads directory to the /srv/samba shared hard drive.
My experience has been when moving large files eg .mp4 files >5.0GiB for playing in media player. These files on occasions fail to play and I have found that the issue is due to the SELinux policy configuration. The problem is that SELinux labels are not being applied to new files when moved so the label from the source directory is preserved instead of inheriting the share label.
user_home_t ā blocked by Samba
samba_share_t ā allowed
So the moved files can be listed but not opened for streaming because they are still labelled
user_home_t
The quick fix I have used is:-
sudo restorecon -RFv /srv/samba/private_data
and to more permanent fix has been to create a relabel script and enable this as a service.
I am posting just in case others have had this problem. My point is that I am still learning about SELinux which I gladly embrace but surely other OSās which have used SELinux for a long time must have developed a better solution for systems using samba. What does this forum think?
@Budgie2 Iād suggest a read hereā¦ SELinux-error after update and create a bug reportā¦
As far as I know when a file is copied to another directory, the file will be created in the destination directory in accordance to the default se-labeling rules of the destination directory.
However on my system this does not work with dolphin.
But when I use the command line with cp -Z it works.
That is how it is supposed to work.
Copies create new files, new files get new context (by default).
Moving does not create a new file, context remains.
Not a problem, working as intended.
Interesting. Of course I use Dolphin for convenience but cli is fine now I know.
Will need to think through difference between copy and move when using Dolphin. Does this make Dolphin the culprit I wonder.
On my system
- using
dolphin to copy a file to destination will always result in the file still having its original selinux-contex in the destination.
- using
dolphin to move a file to destination will always result in the file keeping its original selinux-contex in the destination.
- using
cp on the command line to copy a file to destination will always result in the file receiving the selinux-contex of the destination.
- using
mv on the command lineto move a file to destination will always result in the file keeping its original selinux-contex in the destination.
As far as I know 2.-4. are the expected behaviors.
Iām not sure if 1. is a bug or if dolphin is supposed to behave that way (or if there is some special dolphin-command which will deliver the same result as 3.).
With the way KDE is structured, the bug is in kio not Dolphin. Iām not exactly a C++ developer so tracking where everything is going is a serious pain so I canāt tell if itās just using the same logic to move without unlinking the source file or if when it copies the permissions to the new file it is including the SELinux context as well.
Either way itās doing the wrong thing and thereās already a bug in KDEās bug tracker https://bugs.kde.org/show_bug.cgi?id=498443 I donāt know if you can vote on an issue there or if you just have to add that youāre seeing it as well but you should probably do one of those things. It was reported over a year ago but probably isnāt seen as a huge issue.
There is also some workaround in the comments of that bug that might be useful.
1 Like
Thank you for pointing out the bug report. I added a comment.