Hi there,
I want to share a folder used as a rootless Podman volume via Samba and I’m encountering a host of different problems.
# ls -laZ /zfs_pool
total 835
[...]
drwxr-xr-x. 227 101019 101019 system_u:object_r:container_file_t:s0 227 Sep 14 19:38 folder
smb.conf:
[global]
# workaround for https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/message/J2EPUMEHNQAOXYTQEBIWMQBCW2VIQIVE/
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
show add printer wizard = no
server string = My Server
server role = standalone server
workgroup = WORKGROUP
passdb backend = tdbsam
map to guest = Bad User
usershare allow guests = Yes
[Folder]
path = /crypt/Folder
write list = myuser
#force user = 101019
#force group = 101019
create mask = 0644
guest ok = Yes
When I first started to access the share I got SELinux denials like
----
time->Thu Sep 14 19:41:32 2023
type=AVC msg=audit(1694713292.340:337): avc: denied { search } for pid=5851 comm="smbd[192.168.2." name="/" dev="zfs" ino=4 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=0
which I “fixed” by creating a selinux module with audit2allow. Now starting smb and mounting the share on another computer completes without an error but if I list the share contents I get an empty list back. Creating files in the share does not work either, unsurprisingly. The only messages in the smb log are those:
[2023/09/14 20:14:52.577436, 0] ../../source3/lib/sysquotas.c:508(sys_get_quota)
sys_path_to_bdev() failed for path [.]!
[2023/09/14 20:14:52.577808, 0] ../../source3/lib/sysquotas.c:508(sys_get_quota)
sys_path_to_bdev() failed for path [.]!
So first question: How do I get this working at all? Second question: As you can see in the ls output above, the folder owner is a user id resulting from running the process within the podman container as non root (user id 1020 to be exact). I would like to use the force user and force group directives in the smb.conf to create files and directories written in the share as the same user id. Is this possible?
If Samba does not work for this use case, are there any alternative solutions that would allow me to mount those directories on a remote computer and read and write data to it with the correct user id?
Thanks for all your input
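An added example, not part of the original post: a small Python parser for the AVC record quoted above that renders the allow rule matching that denial, so it is visible what a module built from it permits. The function names are hypothetical; the log line is the one from the post.

```python
import re

# AVC record copied from the post above.
SAMPLE_AVC = (
    'type=AVC msg=audit(1694713292.340:337): avc: denied { search } for '
    'pid=5851 comm="smbd[192.168.2." name="/" dev="zfs" ino=4 '
    'scontext=system_u:system_r:smbd_t:s0 '
    'tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=0'
)
AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None if it is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    fields['perms'] = m.group('perms').split()
    return fields

def selinux_type(context):
    """Extract the type from a user:role:type:level context string."""
    return context.split(':')[2]

def allow_rule(avc):
    """Render the type-enforcement rule that would permit this denial."""
    perms = avc['perms']
    perm_str = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return 'allow {} {}:{} {};'.format(
        selinux_type(avc['scontext']), selinux_type(avc['tcontext']),
        avc['tclass'], perm_str)

def review(avc):
    """Point out what to check before loading a module built from this denial."""
    notes = []
    if selinux_type(avc['tcontext']) == 'unlabeled_t':
        notes.append('target is unlabeled_t: the rule covers every unlabeled '
                     'object of class %s, not only %s on dev %s'
                     % (avc['tclass'], avc.get('name'), avc.get('dev')))
    if avc.get('permissive') == '0':
        notes.append('enforcing mode: the access stopped at this denial, so '
                     'later permissions may not have been logged yet')
    return notes

if __name__ == '__main__':
    record = parse_avc(SAMPLE_AVC)
    print(allow_rule(record))
    print('\n'.join(review(record)))
```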