mounting nfs as httpd_sys_content_t under selinux
Eric Paris
eparis at redhat.com
Mon Dec 10 14:39:29 UTC 2007

On Sat, 2007-12-08 at 11:41 -0500, Johnny Tan wrote:
> I have a NFS mount that I want apache to be able to serve
> files from.
>
> According to this doc:
> http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/en-US/RHEL510/Deployment_Guide/ch45s02s03.html
>
> I should be able to mount it with a context that will allow
> apache to access it.
>
> But when I try the suggested command:
>
> [root@vm-37:~] mount -t nfs -o \
> context=system_u:object_r:httpd_sys_content_t \
> 192.168.1.100:/data/test /mnt/test
>
> It *does* mount, but when I do:
> [root@vm-37:~]# ls -lZ /mnt
> drwxr-xr-x 65534 65534 system_u:object_r:nfs_t test
>
> It doesn't show the correct context.
>
> (I don't know if it matters that I don't have a user with
> UID 65534, only the remote NFS server has that.)
Do you have /data/test mounted somewhere else at the same time? Or
maybe /data is the actual export from the server and you
have /data/some_other_dir mounted somewhere else?

If it is case #1 you are going to have to mount it the first time with
the context= option. We can't have one mount using !context= and the
other mount having context=. Just a way the software works.

If it is case #2 it might work by mounting it with nosharecache (not
sure if you have to do that on both mounts....)

If it is neither of these cases can you file a RH bugzilla clearly
explaining your versions of everything, how the server exports things,
and what else the client has mounted at the time?

-Eric
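
The two cases in the reply can be checked on the client before remounting. The following is an added example, not part of the original message: a shell helper (hypothetical name `check_nfs_context_conflict`) that reads `/proc/mounts`-format lines on stdin and reports existing NFS mounts lacking `context=` for the same export (case #1) or for another path on the same server (case #2). The sample mount lines are constructed; it assumes the kernel lists `context=` in `/proc/mounts`, and treating "same server" as case #2 is a heuristic.

```shell
#!/bin/sh
# Added example: classify existing NFS mounts against case #1 / case #2.
# Usage: check_nfs_context_conflict <server:/path> < /proc/mounts
# Prints "case1 <mountpoint>", "case2 <mountpoint>", or "none".
check_nfs_context_conflict() {
    awk -v target="$1" '
        BEGIN {
            split(target, t, ":")      # t[1] = server (IPv4 or hostname)
            server = t[1]
            found = 0
        }
        # Only NFS mounts matter (fstype is field 3).
        $3 != "nfs" && $3 != "nfs4" { next }
        {
            # Skip mounts that already carry a context= option.
            # The leading comma keeps fscontext=/defcontext= from matching.
            if (("," $4 ",") ~ /,context=/) next
            split($1, d, ":")
            if ($1 == target) {
                print "case1 " $2      # same export, mounted without context=
                found = 1
            } else if (d[1] == server) {
                print "case2 " $2      # other path on the same server
                found = 1
            }
        }
        END { if (!found) print "none" }
    '
}

# Constructed sample input in /proc/mounts format (not from the original post).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
192.168.1.100:/data/test /mnt/old nfs rw,vers=3,addr=192.168.1.100 0 0
192.168.1.100:/data/other /mnt/other nfs rw,vers=3,addr=192.168.1.100 0 0
192.168.1.200:/srv/web /mnt/web nfs rw,context=system_u:object_r:httpd_sys_content_t,vers=3 0 0
EOF
}

# Demo run against the constructed sample.
sample_mounts | check_nfs_context_conflict 192.168.1.100:/data/test
```

A `case1` line means that mount has to be unmounted and redone with `context=` first; a `case2` line is where the reply suggests trying `nosharecache`.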