On Tue, 2008-04-22 at 09:10 -0700, Hal wrote:
What are the mount options you were talking about? I could not find a way to override nfs_t label.
For NFSv3 you should be able to use context=system_u:object_r:httpd_sys_content_t:s0 (or whatever label you want)
see mount(8)
very recent kernels (2.6.25 devel timeframe) and nfs-utils allow usage of context= rootcontext= and fscontext=
if you are trying to mount the same server in multiple places with multiple label you may need to look at the nosharecache option....
Someday we will have real labeling support on NFS. Someday
-Eric
--- Eric Paris eparis@redhat.com wrote:
On Mon, 2008-04-21 at 15:40 -0400, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hal wrote:
Hi all, I have a simple question: Is there any way to use NFS home dirs for xguest users? Will NFS4 work with selinux for normal and xguest user homes? If yes, where can I read more?
Regards, Hal
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
Yes. I am working on the policy for confined users using nfs now. NFS and NFS4 currently do not support labeling, although this is being worked on. The system treats all files/directory as being labeled nfs_t, or you can override with a mount option.
At the moment only NFSv3 can be overridden with mount options. NFSv4 support will appear in 2.6.26.....
-Eric
____________________________________________________________________________________
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ