Sharing Podman volume via Samba

Hi there,

I want to share a folder used as a rootless Podman volume via Samba and I’m encountering a host of different problems.

# ls -laZ /zfs_pool
total 835
drwxr-xr-x. 227 101019 101019 system_u:object_r:container_file_t:s0           227 Sep 14 19:38 folder


	# workaround for
	load printers = no
	printing = bsd
	printcap name = /dev/null
	disable spoolss = yes
	show add printer wizard = no
	server string = My Server
	server role = standalone server
	workgroup = WORKGROUP
	passdb backend = tdbsam
	map to guest = Bad User
	usershare allow guests = Yes
	path = /crypt/Folder
	write list = myuser
	#force user = 101019
	#force group = 101019
	create mask = 0644
	guest ok = Yes

When I first started to access the share I got SELinux denials like

time->Thu Sep 14 19:41:32 2023
type=AVC msg=audit(1694713292.340:337): avc:  denied  { search } for  pid=5851 comm="smbd[192.168.2." name="/" dev="zfs" ino=4 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=0

which I “fixed” by creating an SELinux module with audit2allow. Now starting smb and mounting the share on another computer completes without an error, but if I list the share contents I get an empty list back. Creating files in the share does not work either, unsurprisingly. The only messages in the smb log are these:

[2023/09/14 20:14:52.577436,  0] ../../source3/lib/sysquotas.c:508(sys_get_quota)
  sys_path_to_bdev() failed for path [.]!
[2023/09/14 20:14:52.577808,  0] ../../source3/lib/sysquotas.c:508(sys_get_quota)
  sys_path_to_bdev() failed for path [.]!

So, first question: how do I get this working at all? Second question: as you can see in the ls output above, the folder owner is a user ID resulting from running the process within the Podman container as non-root (user ID 1020, to be exact). I would like to use the force user and force group directives in smb.conf so that files and directories written to the share are created with the same user ID. Is this possible?

If Samba does not work for this use case, are there any alternative solutions that would allow me to mount those directories on a remote computer and read and write data to them with the correct user ID?

Thanks for all your input 🙂
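The owner shown in the ls output, 101019, is the host-side view of the container's uid 1020: rootless Podman maps container uid 0 to the host user's own uid and container uids 1, 2, ... consecutively onto the subordinate ranges listed for that user in /etc/subuid, so uid 1020 lands on 100000 + (1020 - 1) = 101019 when the range starts at 100000. The script below, added here as an example and not part of the original post, does that translation in both directions so you can check which host uid a force user directive would have to resolve to before touching smb.conf. Assumptions (not stated in the post): the host user is "myuser", and its /etc/subuid range starts at 100000 (the common default and the only start consistent with 1020 showing up as 101019); the /etc/subuid content is a constructed sample.

```bash
#!/bin/sh
# Added example: translate between the uid a process has inside a rootless
# Podman container and the uid that shows up on the host, using /etc/subuid.
# Assumption: host user "myuser" with a subordinate range starting at 100000.

# Constructed sample of an /etc/subuid entry; pass the real file to use the host's.
SUBUID_SAMPLE="myuser:100000:65536"

# Rootless Podman maps container uid 0 to the host user itself and container
# uids 1, 2, ... consecutively onto the user's ranges in /etc/subuid order, so
# container uid c (c >= 1) lands on start + (c - 1) of the first range and
# spills into later ranges once c exceeds the first range's length.

# container_to_host USER CONTAINER_UID SUBUID_FILE -> host uid on stdout
# (exit status 1 if the container uid is beyond every range of that user)
container_to_host() {
    user=$1 cuid=$2 file=$3
    if [ "$cuid" -eq 0 ]; then
        id -u "$user"        # uid 0 inside the container is the host user itself
        return
    fi
    awk -F: -v u="$user" -v c="$cuid" '
        BEGIN { off = 1 }                       # container uid 1 is the first mapped uid
        $1 == u {
            start = $2 + 0; len = $3 + 0
            if (c - off < len) { print start + (c - off); found = 1; exit }
            off += len                          # this range is exhausted, try the next
        }
        END { if (!found) exit 1 }' "$file"
}

# host_to_container USER HOST_UID SUBUID_FILE -> container uid on stdout
# (exit status 1 if the host uid is outside every range of that user)
host_to_container() {
    user=$1 huid=$2 file=$3
    awk -F: -v u="$user" -v h="$huid" '
        BEGIN { off = 1 }
        $1 == u {
            start = $2 + 0; len = $3 + 0
            if (h >= start && h < start + len) { print off + (h - start); found = 1; exit }
            off += len
        }
        END { if (!found) exit 1 }' "$file"
}

# Demo with the constructed sample: the 101019 owner of "folder" is the
# container's uid 1020, and container uid 1020 creates files as host uid 101019.
tmp=$(mktemp)
printf '%s\n' "$SUBUID_SAMPLE" > "$tmp"
echo "container uid 1020 -> host uid $(container_to_host myuser 1020 "$tmp")"
echo "host uid 101019 -> container uid $(host_to_container myuser 101019 "$tmp")"
rm -f "$tmp"
```

Two caveats a practitioner would check before relying on this: the force user and force group parameters in smb.conf take a user or group name, not a number, so the host needs an account and group that resolve to the computed uid/gid (for instance one created with useradd -u 101019; the name itself is an assumption here, and nothing forces it to be the name the container uses). And on the SELinux side, the usual alternative to an audit2allow module for a share whose files are not labeled samba_share_t is the samba_export_all_rw boolean (setsebool -P samba_export_all_rw on); the unlabeled_t context on the ZFS root in the AVC message is worth resolving separately, since a filesystem root without a label will keep tripping policy regardless of the share's own file labels.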