Tag Archives: samba

SELinux fix for Mergerfs to allow Docker and Samba access

I recently started using Snapraid and Mergerfs setup to manage my disk pool. I have ~27TB of raw storage which I am managing.

While setting up Mergerfs as usual ran into SELinux issues that will prohibit Docker and Samba access to the storage. So, here’s my fix.

Samba

Docker

Fixing Random Samba Share Lockouts w/Docker

Continuation of my previous post about fixing random Samba Share lockouts. I discovered that Docker and Samba were fighting to gain access to the folders. If I set the label to samba_share_t, then Docker loses access. If I allow Docker (with “Z” option while running container), then Docker resets the label to “svirt_sandbox_file_t”. How can I make both use it? Turns out there is a solution. Credit to this Serverfault post: https://serverfault.com/a/881098/449814

Create a new SELinux Policy Module to allow Samba to access the Docker label.

Then start the Docker container with Volumes mounted using “Z” option. You should now be good to go with both Samba and Docker living together happily ever after…

 

Fixing Random Samba Share Lockouts

Ever had Samba shares on CentOS become randomly inaccessible? If so, I might have a cure… Turns out the culprit is (yet) again SELinux. Thank you SELinux for your super sensitive security policies…

It turns out that you might have lost extra important SELinux label on the share and sub-folders. Don’t ask me why and how? Perhaps a boot failure or power failure or random act of God?!

OK, here’s the solution you are looking for. Logon to your CentOS server and simply issue the chcon command. Be sure to do it recursively if you want to access sub-folders inside.

and that’s it! This will once again make that share accessible. Really… that simple!

EDIT: I figured out why lockouts were happening. It turns a Docker container was accessing these shares and resetting the label. If I set the label back to samba_share_t and make Docker container stop resetting it, then Docker container loses access to the folders. argh!

How to configure Brother QL-700 label printer on CentOS

I recently built a print server at home where I have attached the Brother QL-700 label printer. That printer does not have Wireless printing feature and I wanted to have all computers in the house be able to use it over the network. I thought of buying a new label printer that comes with Wireless connectivity but I couldn’t find any brand new label printer less than $100. Then I had an idea. Why don’t I build a print server? So using a few spare computer components and purchasing a few new components, I built a print server. But that’s not what I want to discuss in this post… (maybe a dedicated post for that – finally one here). What I really want to discuss is how I configured my printer to work on CentOS and be able to print through Windows.

Assumptions:

  • You have the printer plugged into the CentOS computer using USB port
  • The computer has CentOS 7 (might work for earlier versions as well)
  • The computer has network connectivity (either Wireless or Wired)
  • “CUPS” is installed and accessible via http://<server host>:631
  • Samba is installed and running on the Server

Step 1: Download and install the printer driver

Brother’s website actually has printer drivers available for CentOS. 

  • After installation is successful, install the printer driver in the order below

  • After installation is successful, set the Default Options for the printer in the CUPS portal
  • Go to the CUPS portal, then Printers tab
  • Select the QL-700 printer, then in the “Administration” drop down, select “Set Default Options”
  • In the “Basic” Options, set Media Size to the most appropriate paper size in the printer. For me it was “62mm(2.4″)”

Step 2: Configure SELinux

SELinux will deny you access to printer. This is where I spent many hours trying to figure out why my printer wasn’t printing anything. To remedy this, do one of the following:

  1. Permanently disable SELinux (Not recommended)
  2. Temporarily disable SELinux (It gets enabled next time server reboots – so not really very useful)
  3. Configure it to permanently allow Printer access (Recommended)

I chose Option 3. Here’s how to configure SELinux to allow Printer access:

  • Temporarily disable SELinux

  • Then print a test page. This will be in CUPS portal -> Printers. Under “Maintenance” drop down, “Print Test Page” Option
  • Hopefully, a test page will be printed
  • Then log on to the Server to find out what SELinux policies to set

  • This should print something like below

  • You need to then create an SELinux module out of above by running the following command

“cupspolicy” name is representative. You can give any name as long as it is unique for SELinux

  • After this, make the policy package active by running following command:

  • Now either reboot the server or remove the SELinux permissive mode

You should now be able to print another test page. At this point you are all set for configuring Samba.

Step 3: Configure Samba

I use Webmin to manage the server. This allows me to use a GUI interface to perform Samba configuration. If you know your way around commands you can do the same through Console as well.

  • In Webmin, go to Servers -> Samba Windows File Sharing
  • Select “printers”, then set various options as follows

  • Save and then go to “Security and Access Control”. Then give “Guest” access (or any other level of access as you need)

  • At this point you should be all set from Server side

Step 4: Configure Windows computer

  • Go again to Brother’s website and this time download drivers and software for Windows 10 64 bit (or other Windows): http://support.brother.com/g/b/downloadlist.aspx?c=us&lang=en&prod=lpql700eus&os=10011
  • Install the driver and software
  • After that, Add the network printer by going to: Control Panel\Hardware and Sound\Devices and Printers
  • In the “Add a device” wizard, select “The printer that I want isn’t listed”
  • In the next screen, select “Select a shared printer by name” and then in the input box, type the http address for the CUPS site for the printer. It should be something like “http://<serverhost>:631/printers/QL-700”
  • When I asked for Driver, select “Brother” as manufacturer and “Brother QL-700” as printer

  • Hit OK and complete the set up
  • After that the QL-700 printer should show up under “Printers”
  • Next, you need to create a Custom Layout in “P-touch Editor”. This step was required for me because I wanted to print small address labels but the printer was erroring out not recognizing the layout (Hint: red flashing light)
  • In the “P-touch Editor”, open the “Small Address Label” (2.4″ x 1.1″) layout, and then set the Length from 1.1″ to “Auto”

  • Save the layout as “Custom_Small_Address” or any other name (File -> Save As)
  • Then import the layout in “P-touch Address Book” software. This is the software I use most frequently to print address labels (Layout -> Import Layout). The custom layout should appear under “My Templates”
  • At this point, you are all set. Try printing the label using the custom layout and hopefully it will print

Problems?

Let me know if you are facing issues. It took me several hours to find out what was wrong but finally I was able to configure the printer. It may be same for you. I can try to help you if I could. Most of the issues were related to driver install, SELinux and media size, so be sure to follow each and every step above.