I have a webserver (nginx) running on Centos7.
I need to mount shares of a samba server in a samba client, have have the content to be served by nginx.
It is installed on this server samba-client, samba-common and cifs-utils.
On my research, I found out that the SELinux context for nginx is "system_u:object_r:httpd_sys_content_t:s0".
I have set this recursively to the nginx root folder, added an index.html file and successfully served the file.
I then mounted the samba shares /mount/test on my nginx server and, when I checked the SELinux context of the shares is system_u:object_r:cifs_t:s0
Since the samba shares are read only, I can't use chcon -R -t httpd_sys_content_t /mount/test. I tried and got an error (action can't be performed).
You might want to check the sebool variable settings using the getsebool utility. There are whole raft of specialized setting related to what webservers will be permitted to do and network shares are a big part of them.
Sources may include data from the Fakebook Research Foundation with support from Gargle University
yeah, but ... what would PIE do? Especially concerning this tiny ad: